Helping bring knzk.me back to life...
@Gargron what is wrong with it?
@staticsafe A couple things. If my understanding of the events is correct, the security fix that rate-limits failures in signature verification by source IP backfired on knzk.me because their Puma does not see the real IP address (proxy misconfig). In search of a solution, they reset all RSA keys as well, wherein I discovered a bug in the tootctl command that does that, so the accounts were advertising one public key, while signing with another.
@staticsafe I have run another update on the public_key column to source it from the actual keypair, and given them a patch to (temporarily) undo the IP-based fix. In a day or more the accounts should be considered stale, and key caches on other servers should update and fix themselves. To check that it worked, I manually updated key caches on mastodon.social, and was able to successfully communicate with knzk.me
@Gargron wow that seems like quite the issue
@staticsafe The somewhat disturbing thing is that I was able to reliably reproduce the key-related issue, but the problem that led them to attempt resetting their keys in the first place is merely an (educated) guess. At least it seems to work 🤷‍♂️
@Gargron o shit they called in the big guns
@Gargron OMG EUGEN I WILL GIVE YOU ANY FORM OF AFFECTION YOU WOULD LIKE (INCLUDING NONE) IF YOU DO THIS!!!!!!!
it looked very odd the other day... nothing in queues...
I am concerned about the aggressiveness of the SSL inspection on their Fortigate.
@Gargron I didn't even know it closed?
@Gargron thank you.
@Gargron that's so nice of you
@Gargron thank you so much !!!
@Gargron thank you eugen, it's kind of you to help and i appreciate your efforts.
@Gargron I’d be fascinated to see a post-mortem for the fix
@Gargron eugen,,,, thank you
@Gargron I'm trying to use my Evanescence method of summoning...and I'm givin' it all she's got, cap'n!