PSA: It's been a week. Please check your Mastodon instance to see if it's running a version prior to 3.5.9, 4.0.5, and 4.1.3. If so, it's susceptible to an attack in the wild that allows remote code execution via a toot, and you should get your admin to update ASAP.
I'm very sorry for all of the degraded performance lately on calckey.social. As you may or may not know, we've been testing changes with our codebase, database deployment, ims deployment, and a whole lot more. After a lot of testing and changes, I thought that we were good enough to start opening signups again. Turns out... we're not. As I continue to work on things and start to team up with some very smart people who've worked in deployment and scaling systems, we're going to do our absolute best to make sure that we can handle things on all ends, and hopefully get extra hands on deck for day-to-day operations, so it's not all on my shoulders. I was sadly unable to attend to a lot of things yesterday due to being out of town for the holiday, and being in a no-service area for the majority of the day, so I didn't know that there were issues until it was too late. Thank you for your patience as we go through growing pains. A full write-up on what went wrong, the steps we took, and how it's fixed (once it's fixed!) will be made after all this is done. For real.
I did NOT expect this amount of support, interest, and coverage! Hitting 13k from 11k in a little over 2 days across all servers is still boggling my mind. And it's not just calckey.social -- so many other servers are getting new users, and even ~30 new servers cropped up! Thank you all, from the bottom of my heart. I'll make sure that I do my hardest to make sure you all have a great experience.
As promised, you all deserve a peek into what we've been working on in secret for months. More details to come tonight/tomorrow. Stay tuned. 😉
i mean, is it seriously even a question for anyone? the second facebook drops its mastodon instance domain, it's going straight into dialup.cafe's blocklist
Okay, not to pick on the admins, but to call out this really quickly…
This would not have been a "small mistake."
Do.
Not.
Do.
This.
It is not a "small mistake"; it is "irresponsible to an extreme" to have others' data on your local systems, especially in an unencrypted state.
Also I don't care for the delay in informing people, but I especially don't care for delaying informing people to change their passwords even if you can't/won't reveal the breach for whatever reason.