pixelfed

Official blog of Pixelfed

Fiona Apple - I Want You To Love Me

Today we are shipping v0.10.9!

In v0.10.9, we added Remote Posts + Profiles, Reply Modals, Improved Search, New Landing Page and much more!

Today also happens to be our birthday, our project started 2 years ago! 🥳

The full list of changes can be found in the changelog.

<3,

@dansup & team

TL;DR: Update PHP to 7.3.11+ ASAP; a recent CVE has demonstrated RCE in certain nginx/php-fpm configurations.


We have become aware of a new security risk that has emerged within the past few days. This exploit is bad, allowing remote code execution on certain nginx/php-fpm configurations. If you don’t run NGINX, this does not affect you.

We recommend updating to PHP v7.3.11 or later as soon as possible. If you used our example nginx configuration, please change the following block from:

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

to:

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        try_files $fastcgi_script_name =404;
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
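
To check a config you already have deployed for the first form above (a PHP location that splits the path and passes to php-fpm with no `try_files` check), here is a small audit script. It is an added example, not part of Pixelfed's code or documentation; the sample server block is constructed, and the parser is deliberately simple: it does not follow `include` files or handle braces inside quoted strings, and it only looks for the `try_files` guard shown in this post.

```python
import re

# Constructed sample: the "before" block from this post inside a minimal server block.
BEFORE = r"""
server {
    location / { try_files $uri $uri/ /index.php?$query_string; }
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}
"""
# The "after" block: same config with the try_files guard added.
AFTER = BEFORE.replace("(/.+)$;\n", "(/.+)$;\n        try_files $fastcgi_script_name =404;\n")


def location_blocks(conf):
    """Yield (line_no, header, body) for each location block, nested ones included."""
    text = re.sub(r"#[^\n]*", "", conf)  # drop comments, keep line numbering
    for m in re.finditer(r"\blocation\b([^{;]*)\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:  # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text.count("\n", 0, m.start()) + 1, m.group(1).strip(), text[m.end():i - 1]


def has_directive(name, body):
    """True if `name` appears as a directive name (not as part of a variable or word)."""
    return re.search(r"(?<![\w$])" + re.escape(name) + r"\s", body) is not None


def unguarded_php_locations(conf):
    """Return [(line_no, header)] for blocks that split the path and pass to FastCGI
    without a try_files check in the same block."""
    findings = []
    for line_no, header, body in location_blocks(conf):
        while re.search(r"\{[^{}]*\}", body):  # ignore directives of nested blocks
            body = re.sub(r"\{[^{}]*\}", ";", body)
        if (has_directive("fastcgi_split_path_info", body)
                and has_directive("fastcgi_pass", body)
                and not has_directive("try_files", body)):
            findings.append((line_no, header))
    return findings
```

Run `unguarded_php_locations(open(path).read())` on each vhost file; an empty list means no matching block was found in that file, not that included files are clean.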

If you have any questions, join our #pixelfed channel on Freenode!

— Pixelfed Team

TL;DR: We are using snowflake ids as primary keys for posts and profiles, because auto-incremented ids have many drawbacks.

Earlier this year we rolled out a new type of identifier for posts and profiles. Snowflake ids are unique ID numbers that scale across multiple app and database servers without requiring a central or distributed source.

We decided to make this change for the following reasons:

- Scales better (supports region/datacenter and worker ids)
- Better Privacy (more difficult to enumerate ids)
- Ability to support over 10k ids per second across workers
- Easier to order/sort compared to hashids/uuids/base62
- Supported for 69 years based on our epoch of February 2019

We look forward to adding snowflake id support to the rest of the code base in the coming months!

— Pixelfed Team

Welcome to the official Pixelfed blog, hosted by our friends at Write.as.

We look forward to sharing more in-depth blog posts this summer!
