Skip to main content


 

Limiting number of users - now in place


!Nerdica Forum

Hi!

As already proposed some weeks ago, I've now implemented a method to shutdown the open registration when there are 1200 users on Nerdica. Currently we are at 1194 users.

Registration will automatically re-open when the number of users drops again under 1100 users.

Already registered users can invite family and friends to Nerdica.Net regardless of public registration status being open or closed. Just invite them by mail.
But public registration will now be automatically closed and re-opened as described.



 

Short interruption


!Nerdica Forum

There was another short outage for maintenance to mitigate some CPU bugs:

SUMMARY: CVE-2017-5753:OK CVE-2017-5715:OK CVE-2017-5754:OK CVE-2018-3640:OK CVE-2018-3639:OK CVE-2018-3615:OK CVE-2018-3620:OK CVE-2018-3646:OK CVE-2018-12126:OK CVE-2018-12130:OK CVE-2018-12127:OK CVE-2019-11091:OK

Services should be back to normal now.



 
@Nerdica Forum
I don't think "null" is a user, since I don't appear in the "introduction", and I can't cancel the notification...

is there a way to solve it?

Image/Photo

At the moment? No idea...

Only idea is: maybe it's a request from a user that got deleted in the meanwhile. In that case everything related to that user should be deleted 7 days later. So I'd recommend to wait a week and if the problem persist, then we have to investigate with the developers in the helpers forum.

Okay, I'll take note, and in 10 days, in case, I'll rewrite in this post, without writing another one ^^

8 days have passed and still nothing has changed O.o

!Friendica Support

See the discussion... one user has a user labeled "null" in introductions that seems to be a non-existing user...

Any ideas how to get rid off of this introduction?

ok, I spam there XD



 
Is it possible on github to post an issue potentially affecting two seperate projects at once? Because I would like to post this issue ( https://mastodon.social/@guidoV4/102321231432123013 ) potentially affecting the two projects nerdica.net (cc @nerdicasupport ) and #Fedilab (cc @fedilab ) simulataneously.

Please report this to Friendica Github issue queue.

Ping me when it's done. I checked and an endpoint verify_credential returns an account object whatever the credentials (I currently don't understand how it is picked up).
Their is no risk only public statuses are displayed because the token is no valid. So nothing private is displayed and nothing can be done with this account. It's like visiting a profile.
@nerdicasupport

Ok, in this case the issue is atleast not as serious as I thought.



 
A warning for #Fedilab- and #Nerdica-users: unfortunately there currently is a giant security-issue if you try to use Fedilab with a nerdica.net-account. If you are doing this you will always be logged in to someone elses account instead of your own and there is also another problem: unlike f.e. mastodon.social nerdica.net also doesn't ask to authorize the Fedilab-app. It just redirects you to the account the Fedilab-app logged you in to.

cc @nerdicasupport @fedilab

I think this security issue is so serious that I would reccommend @fedilab and @nerdicasupport to temporarily shut down the Fedilab-app and the nerdica.net-instance until they solved this serious security-issue.

Ok, I found out that the f-droid-version of #Fedilab (2.6.1) isn't the most recent one. Maybe this issue doesn't exist in 2.7 anymore but I haven't tested it because I want to avoid the Google Play Store as much as possible.

But I would still urgently recommend you to take down the f-droid-version 2.6.1 for now and maybe also version 2.7 from the google-store if it should turn out to also still exist in this version because of this serious security issue as it could enable criminals to take over nerdica.net-accounts of other users.

Therefore I would also recommend nerdica.net to generally block all requests coming from the #Fedilab-app for now if it's possible.

Have you reported this to the developers in !Friendica Support ?

Can you please contact me directly for more details?

So to give an update from a different discussion:
Fedilab apparently shows (a more or less random) user profile when the account credentials don't work and displays public posts.
No issue in regard of security, as it seems.

Not a security issue I confirm. I checked it deeply. As soon as it requires a token, it throws a 401.
But, the reply for the random account comes from the server reply.
@guidoV4 @nerdicasupport



 

Limiting number of users?


!Nerdica Forum

Right now this #Friendica node has 1098 registered users and like 200 monthly active users.

I'm thinking about switching the registration mode from open registration to closed registration. With closed registration it should be still possible to invite friends over here and get new users, but it won't be possible to still register without an invitation.

The idea of limiting the number of users on this node are:
* this is a private server with limited resources. So having thousands or tenthousands of users is unlikey to run will on the current hardware. It's not like the current hardware is facing its limits, but I want to avoid facing these limits for the sake of smooth operation for the current users
* the basic idea of the federation is that everyone can run an own node instead of having large, centralized nodes. Currently we have 3 or 4 large nodes... show more

I understand your stance as an instance owner, but I'm not sure closing registrations is the best way to entice the spawning of new instances.

With such a limited number of instances, if they all close registrations that means creating a Friendica account to try things out (just like I did with this one, my main account being on Mastodon) will be much more difficult.

This is just pure speculation and maybe it won't be that much of a deal, maybe othere instances won't close registrations, maybe people will find ways to get invited, but I wouldn't want Friendica becoming a closed community that eventually dies off for lack of interest.

Again, I'm not telling you what to do, on the contrary, I must thank you for hosting this instance, and I'm just offering my perception as a new user that doesn't interact much with Friendica.

Limiting the number of registrations or users on Nerdica doesn't mean that the number of users for Friendica is limited.
Currently we have about 100 Friendica nodes listed, but most users are registering on the big 4 nodes. This makes it difficult for smaller nodes to grow. And therefor closing down registrations when a high-water mark is reached can improve the situation (=user count) for the smaller nodes. And there can help with the robustness of the Fediverse in general: more nodes of the same size instead just a few bigger nodes.

Your comment is very much appreciated! :-)

Limiting the number of registrations or users on Nerdica doesn't mean that the number of users for Friendica is limited.
Currently we have about 100 Friendica nodes listed, but most users are registering on the big 4 nodes. This makes it difficult for smaller nodes to grow. And therefor closing down registrations when a high-water mark is reached can improve the situation (=user count) for the smaller nodes. And there can help with the robustness of the Fediverse in general: more nodes of the same size instead just a few bigger nodes.

Your comment is very much appreciated! :-)



 

Nerdica upgraded to 2019.06-rc


!Nerdica Forum

Hi!

Just some minutes ago I upgraded Nerdica to current release candidate version 2019.06-rc:

Version
Friendica 'Dalmatian Bellflower' 2019.06-rc - 1313

Prior upgrade tries were failing, but this time everything went well.

If you experience any issues please report them to !helpers@forum.friendi.ca - that way the issues can be worked on directly by the developers.

I think there are some problems, because the "social network" section doesn't seem to work anymore, exactly since you have updated O.o

Try again... it seems as if some addons were missing (short outage while working on this)

Okay, everything seems to be working now, thank you very much :)

I do see Estonian translation, and it is working very well. Thank You!



 

Downtime on Friday


!Nerdica Forum

Dear users,

as you certainly have experienced on Friday, Nerdica.Net was unavailable for a longer time.

What happened?

Well, I tried to upgrade the underlying Debian Linux installtion from stretch to buster. Although I did that before on other virtual servers, there was a new problem on this server: the Apache webserver didn't want to start.

Unfortunately, as a bonus challenge, I needed to go away from my desk and was only able to work on the issue via my iPhone SE and an SSL client. This lead to longer time to fix this issue than it would have been when I was still on my laptop.

In the end everything should work again. If you experience some problems, please drop me a note. Thanks!

Thanks for the effort to get us back online!

Thanks a lot, Jürgen!



 

Failed upgrade to RC candidate


!Nerdica Forum

Dear users,

you may have experienced some outage this evening. Reason was that I tried to upgrade to the release candidate of Friendica 2019.06-rc today. This failed and I needed to restore the code from backup.

Apparently it is now running again on latest stable release.

Sorry for the inconvenience...

Today I tried again to switch to 2019.06-rc and it failed again the same way.

I won't give it another try until a new RC2 has been released or the final release version is available.

*GRMPF*



 

Can't set password


Hi all, I have just joined, it seems I can't change my password.

When I go to settings, select "Password change", fill in my new password and confirmation, fill in the current password (the one I got via email), then click "Save Settings" I get 4 warnings, one of which displays "Password unchanged".

Image/Photo

Image/Photo

And indeed when trying to log off/in my new password doesn't work and the old one still does.

Is this an issue with Friendica, should I be submitting it on Github?
Password (x)

I also had this problem, and I believe it was because of my password manager's autofill feature. After I disabled it for Nerdica I was able to change my password.

Strange, I am not using any password manager extension. Although I am copy-pasting passwords.

I'll try and disable all extensions and typing passwords by hand

That did the trick.

Pin-pointing root cause now...

I cannot reproduce.

I have all extensions enabled and I managed to copy paste both the new password as well as the current password.

Either the issue has been solved in the mean time, or you have to manually type the current password (that is, the one you received via email) the first time you change your password.

Anyway, thanks for the support, I'll be off to enjoy Friendica now :)

I have the same problem for now I am with the default password I will try later, or give me instructions please to solve this

As previously posted, have you tried typing the mail password by hand?

yes I did, cause it was the first time I use Nerdica, I might have found the issue I had a very slow firefox, with a reinstall it's ok now, so it might be a corrupt firefox installation



 

Nerdica upgraded to 2019.03-rc


!Nerdica Forum

Dear users,

this evening I switched Nerdica to the current release candidate 2019.03-rc of Friendica.

The migration took a little longer as the database upgrade failed again and again with a strange error. It took a while until I figured out was the problem was and fixing it.

Sorry for the unexpected long downtime, but now it should be running just fine again. If you experience any issues, please report here or in the Friendica Support Forum, where the developers are also reading...

Thanks!



 

Cross-posting to Wordpress from Nerdica


Hi -- I'm brand new here, and one of the things I wanted to be able to do from Nerdica/Friendi.ca was crosspost to my (self-hosted) Wordpress blog.

I found the Social Networks page, and the Wordpress Export section. But I can't find any documentation anywhere that explains what's being looked for in the key "WordPress API URL" field. Anyone have an answer, or know where I can dig up more information on this?

Thanks!
wordpress (x)

With API URL the addon means XMRPC API URL. There is also a REST API URL for Wordpress.
From the Wordpress addon system setting:
Post to WordPress (or anything else which uses blogger XMLRPC API)


Maybe this helps:
https://codex.wordpress.org/XML-RPC_Support

So it looks like it's the path to the WP xmlrpc.php file ... hmmm, okay, thought I had that identified. That gives me something to play with. I'll give it a try and update this if I get it working. :-)

Thanks, Ingo!



 

Can't connect to nerdica.net with XMPP-client Conversations.im


I just tried to connect to my account on nerdica.net with Conversations.im but got the error message "Incompatible server"? Conversations.im should be a real XMPP client? The information about nerdica.net also says:

"All (friendly) creatures welcome! Free registration. Server located in Germany. As a registered user on Nerdica.Net you are also able to use XMPP (Jabber) under the same address and with your password. Get the best of free and open networks at Nerdica.Net! :-)"

Hmmm, it should work. Have you tested the web interface on https://jabber.windfluechter.net/ and logging in with your "PrivSecurity@nerdica.net" and your password?

After help from @Ingo Jürgensmann I think we can be pretty sure the problem is in the Conversations.im client in connection with the nerdica server. When I try to connect with another client, Xabber for Android, it works fine.

@PrivSecurity
Ok, I checked back with Daniel Gultsch on Twitter... in his opinion the problem might be that I'm using "slt" for proxying SSL connections to TLS and TLS is expecting STARTTLS command... So, the compliance tester is happy with the current setup, but the real client is not.

For some unknown reasons (at the moment) the configuration does not work as documented (legacy_ssl_ports for Prosody)...



 
!Nerdica Forum

I received a mail from Google about the closing down of #Google+ :

Hello Google+ Developer,

The email below contains your most recent usage of Google+ APIs. Note: It includes Google+ OAuth scope requests, which are also affected by the Google+ shutdown. A prior email sent to active API callers did not include information about OAuth requests. One final reminder email will be sent in February to users who still have active API or OAuth request activity.

What do I need to know?

On March 7, 2019, all Google+ APIs and Google+ Sign-in will be shut down completely. This will be a progressive shutdown, with API calls starting to intermittently fail as early as January 28, 2019, and OAuth requests for Google+ scopes starting to intermittently fail as early as February 15, 2019.

What do I need to do?

Please update your projects liste
... show more



 

Workaround for bug in newest release applied


!Nerdica Forum

There is a small nasty bug in newest Friendica release 2019.01:

When enabling "use browser location" the modal for writing the post doesn't appear


So, when you're using browser location you might not be able to post anything on Nerdica.Net. As a workaround I've followed the tip to disable this function on SQL level:

MariaDB [friendica]> UPDATE user SET `allow_location` = 0 WHERE `allow_location` = 1;
Query OK, 10 rows affected (0.01 sec)
Rows matched: 10  Changed: 10  Warnings: 0


As you can see there were 10 users affected. In the development branch this bug has already been fixed, but I still await a fixed release version. As soon as this fix is available you should be able to enable "use browser location" again.



 

XMPP for all Nerdica.Net Users


!Nerdica Forum

As yesterday already pointed out, I worked on enabling XMPP for all Friendica.Net users. A short test showed that this was successful, at least as far as I could test it.

So, what's this XMPP stuff is all about?

What is XMPP?
XMPP, or formerly known as Jabber, is a protocol for instant messaging. You can read the XMPP article in Wikipedia if your interested in details.
XMPP is similar to Friendica in that it is a federated protocol as well as email is. So, there is no central server infrastructure like for Facebook, but basically everyone can run his/her own server, if wanted. But you don't need to! There are hundreds of free XMPP servers out there where you can register an account. As an user of Nerdica.Net you already have an XMPP account with the same address as your Friendica account: <username>@nerdica.net.

How can I use XMPP?
There are multiple options.

1) Within your profi... show more

Oh, sorry... thought that the default setting will be used as a default in the user settings as well. You'll need to set the BOSH URL to:

https://jabber.windfluechter.net:5281/http-bind

Hope, this helps. Otherwise you can also use the fully featured webclient on https://jabber.windfluechter.net/ - there you'll need just your account and password.

Ok, I see you in the chatroom and also have added the BOSH URL to the original posting...



 

Nerdica.Net upgraded to 2019.01 release


!Nerdica Forum

Just upgraded to today release of Friendica 2019.01


Version Friendica 'The Tazmans Flax-lily' 2019.01 - 1293



 

Upcoming Server Works


!Nerdica Forum

Today I sent a Samsung NVME M.2 disk to the hoster in order to have that put into the server and to speed up the underlying database of Friendica on Nerdica.Net.

This is somewhat strange... Although I bought that server, I've never seen it personally. It was directly sent to the colocation hoster and now I'm somewhat curious whether or not everything fits into the box.

So, expect some downtimes of the server in the next 1-2 weeks. Until everything is settled and tuned, it will need some reboots and such.

Maybe some interesting facts for the techies of you:
- database size: 19 GB at the moment
- mem/pool size: 16 GB
- current disk setup: 4x SATA disk RAID10
- 6x Xeon cores

It's somewhat likely that the SSD will be put into place around December 12th, so in about 3 weeks. The hoster will then be at colocation space for another costumer and I won't need to pay an additional fee for installation. :-)

The downtime has now been scheduled for Thursday, Dec. 13th, between 18-20:00 CET. The colocation provider will then shutdown the server and install the SSD. After that I need to make some tests and move the databases from the RAID10 to the SSD.
This will take some time, but I guess the server should be back up again at 21:00 CET...



 

Friendica and GDPR


Hi there.

I joined G+ a long time ago due to me and my wife using the Ingress AR-Game. Since then I have used the Google services a lot (G+, Blogger, Drive, ...). About five years ago I also became data protection officer (#Datenschutzbeauftragter) in our company and learned a lot about do's and don'ts, recently regarding the new general data protection regulations (#gdpr) that are in effect since May 25th 2018.
Google has its flaws but after all they were certified by the privacy shield standard applied to US companies that are working personal data of EU inhabitants which is acknowledged by gdpr as a legal standard.
Looking for a new way to connect to people over the internet (due to the recent news that G+ is shutting its service down next year) I joined #... show more
#Datenschutzbeauftragter) dsgvo (x) friendica (x) gdpr (x)

Since I forgot some tags and beeing unable to edit the original post I comment with tags on my post.
#privacyshield #gdpr #dsgvo #dataprotectionofficer #privacy #privacypolicy

Hmmm, since you are posting this in the Nerdica Forum, I think you are especially interested in GDPR statements regardings this node, right?

1) This node is run by a private person,
2) I'm a data protection & privacy activist for years and active in AK Vorrat and other NGOs
3) except for the mail address, which is necessary to register and recover lost passwords, all data that is stored is entered by the users. There is no data preservation of IP addresses in the logs.
4) if someone wants to provide me a good text for data protection statement to be published on this side, this would be very much appreciated
5) the moment when someone wants to put legal action against this node or server in any regard is the moment where I shutdown everything and delete it.
This entry was edited (10 months ago)

Hi @Ingo Jürgensmann So I guess all nodes have to have their own activities around privacy regulations. As far as I understand the aspects of running a friendica node you are a "controller" (GDPR Art 4) and so you are responsible for all that is required in regards of gdpr and your node.
Please note that I am not willing to take any legal action in this regard so all I write is meant to be an advice (and/or a starting point for further discussions) from someone who is still learning how social networks work.
A good starting point to figure this issue out is to compile a "record of processing activities[" (GDPR Art 30). You will find a document here that might help you setting this... show more

Although I think JPA did a great job in the legal process of GDPR, but what came out is a little too bureaucratic and over the top for private users.
It's quite unlikely that I will conduct such a "paper".
That's why I said that I will shutdown everything on that moment when I'm forced to do so. This will also be the case when upload filters are required by EU legislation. That wouldn't be a free and open Internet anymore, because already today you need a master degree at a law school when running some services on the Internet.

I totally agree with you on the amount of formality and bureaucracy that is required. I don't have a law degree either and sometimes I have no choice but to ask for the assistance of a lawyer. And I definitely didn't want to make you upset. ;)

But if I had a saying in this I would rather make friendica my "safe social networks harbour" which requires the administration to meet legal requirements rather than to have yours, mine and everyboby elses endeavors shatter at the first sign of trouble. Running an internet service that deals massively with personal data is not something to treat lightly. But I also think it is possible to tackle all requirements. At least it is worth a try.



 

DNSSEC for nerdica.net


!Nerdica Forum

Since of today Nerdica.net is secured by DNSSEC. There shouldn't be any issues because of this. Just to let you know... :)