State of Project Segfault: March 2024
After Midou kept forgetting to write the blog post for the past 5 days, he finally remembered that it's getting too late to write the blog post, so here we go. This month haven't been seen many changes but nonetheless, there are still thinks to talk about, notably GeoDNS being broken and fixed, Tor that somehow lost its domain and have been restored successfully to the previous domain name, the XZ backdoor, Kbin officially dead, Invidious being broken for the past few days...yeah that's pretty much it. Nothing much on Project Segfault side, time for the details!
GeoDNS fixed
Most project segfault instances not using the ".countrycode." subdomain were broken due to GeoDNS having some issues. A quick update and restart fixed the problem.
Tor domain restored
It almost took an entire month to figure this out thanks to Tor being so secretive and cryptic when talking in logs. But after checking the domain name folder Midou have noticed that the domain name provided was completely different than the one we had advertised on the website. As a result the entire services was hosted on a different .onion domain name. After confirming this Midou went ahead and restored last month's backup (prior to the migration from Nonic to Avoro) and everything got solved after. Isn't it great to have extra backups to save your back when you need them? :)
XZ Backdoor
Before we start: We are not affected by the backdoor. But we still went and reviewed every instance's status and made sure to confirm the backdoor wasn't installed. But again, even if the backdoor was installed, the culprit wouldn't have been able to access the servers unless we authorized their Tailscale client. Thus the backdoor wouldn't be applicable even if we had that vulnerability. However, there are still other projects that the rogue maintainer have muddied. So we still don't know the extent of the damage. Rest assured we are monitoring the XZ situation very closely as to be able to upgrade or patch our servers as soon as something new have been announced.
Rest in peace, KBin
Due to Midou's (and Arya too I guess) lack of interest in hosting KBin, and it being a mess to host, eating way too much ram, and way too much processing power for a simple fediverse client. We decided to shut it down the same way we shut down our Akkoma instance. If any user wishes to transfer their data, they can contact us and we will turn back on the instance long enough so you can take your data out.
Invidious (and Piped) fixed
In yet another episode of YouTube being YouTube, the Web integrity for android have been implemented to youtube, which broke Invidious and piped, and also yt-dlp. The fix (or workaround, that is) was to completely switch to the iOS youtube client info. Currently this has no impact to the two privacy frontends, hopefully YouTube goes back into sleep mode long enough again.
A 100$CAD donation have been received
TLDR: The donation we received saved us from a risk of shutting down soon. We advise you to donate to the project if you want us to keep working on it, We don't even profit from the project for the sake of keeping it longer.
I know this isn't usually what we post in blog posts, and I also have been told by the team many times before to not post this as a form of fearmongering, but we need to inform you of something that is important (and you probably already know what we are about to say). Project Segfault needs your donations to stay alive. During the past month we were starting to worry about the future of the project since we were reaching below the 100€ mark. Our costs (which can be seen here) (GitHub Mirror) do not guarantee us a long amount of time to hosting Project Segfault services when it reaches below that mark. Unless we cut down crucial backups or go to a cheaper hosting provider that may or may not guarantee us a better experience, at best the project will stay alive for 4-5 months before shutting down (with 1 month being taken to announce the end of the project). Thankfully, you do not have to worry about this right now as we have received this donation thanks to the generous contributor. But I just wanted to make you all aware that ever since Soleil Levant shut down, everything we run is relying on your donations, and a lack of funding means a guaranteed death of the project. So please, don't forget to donate to us if you want us to stay around. Thank you.
-Midou