Mastodon PSA, mostly for admins 

Mastodon has a thing called AUTHORIZED_FETCH. You should almost definitely enable it.
Some people say "but blocked instances can still see my posts". Well, not with this thing on. This makes the server check who is trying to get your posts and will yeet all the blocked instances. That's what all modern software just assumes, but it prevents Scaling (and relays), so it's not on by default.

docs.joinmastodon.org/admin/co

If you are on masto.host you can ask this to be enabled.
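
The check described in the post above, as an added sketch that is not part of the thread and not Mastodon's own code: with authorized fetch on, a request for a public post must carry a valid HTTP signature, and the signer's domain is matched against the block list. The domains, key ids, function names and status codes are constructed for illustration, and keys come from a local table instead of being fetched from the remote actor.

```ruby
require "openssl"
require "base64"
require "uri"

# Constructed sample data: two remote servers, one of them domain-blocked.
BLOCKED_DOMAINS = ["blocked.example"].freeze
KEYS = {
  "https://friendly.example/actor#main-key" => OpenSSL::PKey::RSA.new(2048),
  "https://blocked.example/actor#main-key"  => OpenSSL::PKey::RSA.new(2048)
}.freeze

# Text covered by the signature: one "name: value" line per signed header.
def signing_string(method, path, headers, names)
  names.map do |n|
    n == "(request-target)" ? "#{n}: #{method.downcase} #{path}" : "#{n}: #{headers[n]}"
  end.join("\n")
end

# Remote side: sign the fetch with the server's actor key (RSA-SHA256).
def sign_request(key_id, method, path, headers)
  names = ["(request-target)", "host", "date"]
  data = signing_string(method, path, headers, names)
  sig = Base64.strict_encode64(KEYS.fetch(key_id).sign(OpenSSL::Digest.new("SHA256"), data))
  value = "keyId=\"#{key_id}\",headers=\"#{names.join(' ')}\",signature=\"#{sig}\""
  headers.merge("signature" => value)
end

# Local side: gate in front of a public post. Returns the status the fetch gets.
def fetch_status(method, path, headers, authorized_fetch:)
  return 200 unless authorized_fetch   # default mode: anyone may fetch, blocked or not
  params = headers.fetch("signature", "").scan(/(\w+)="([^"]*)"/).to_h
  key = KEYS[params["keyId"]]          # a real server fetches the actor's public key here
  return 401 if key.nil? || params["signature"].nil?
  data = signing_string(method, path, headers, params["headers"].to_s.split)
  sig = Base64.decode64(params["signature"])
  return 401 unless key.public_key.verify(OpenSSL::Digest.new("SHA256"), sig, data)
  return 403 if BLOCKED_DOMAINS.include?(URI(params["keyId"]).host)
  200
end
```

Without the flag, the block list never enters the decision for a fetch, which is why a blocked server can still read public posts by simply asking for them.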

@charlag Why does it prevent scaling? Can we authorised fetch from multiple instances of masto? Or? What's the issue? IDK, will look myself :P Thanks for the heads-up. I'll look into this on our server now since we aren't scaling yet.

@ikora @charlag it doesn't necessarily prevent scaling per se, but every new instance that sees a boost of a toot has to contact back to your instance to get the content, resulting in more traffic than without (where the full toot is shared anywhere without involving the original server again).

Either way the security improvements heavily outweigh this, and if your instance is big enough for this to really be a problem you've got other issues too..

But it shows why Gargron won't just enable this by default, since scaling to the max is more important than security.

@f0x @ikora thanks, I missed the post. Yeah, instead of passing your post around, every server will request the post, but I think that this is a non-issue. The only way around this would be encrypting everything and rotating keys.

Pixietown

Small server part of the pixie.town infrastructure. Registration is closed.