I Break Computers!

The infosec blog of Jonathan J Snyder

I decided it was time for me to write another blog post though this one is not going to be as long as the others I've written (hopefully). This was a problem that I had been working on for at least a month on an off which required a ticket to be opened with castopod, searching the internet forever and finally getting ChatGPT to look at it all, make suggestions, and finally I realized what I was going on.

Installing Castopod

This tutorial is designed around hosting #castopod on an Ubuntu server while using #docker as my method of running it. I utilized the automatic server installation of Docker that comes as an option when installing a server but I also had to run sudo apt-get docker-compose -y to also get the other portion needed on the server.

Once you got that on, go ahead and follow the instructions on the main website.


Once that is done, two possible things will happen. Once you go to localhost/cp-install, you'll either see the super user creation screen or you are going to be greeted by a warning that the program was not able to connect to your SQL database. In the logs you'll see

**castopod-db | 2023-07-14  0:04:00 4 [Warning] Access denied for user 'castopod'@'' (using password: YES)**
castopod-app |
castopod-app | [CodeIgniter\Database\Exceptions\DatabaseException]
castopod-app |
castopod-app | Unable to connect to the database.
**castopod-app | Main connection [MySQLi]: Access denied for user '****'@'' (using password: YES)**
castopod-app |
castopod-app | at SYSTEMPATH/Database/BaseConnection.php:418

This is the point that I really got stuck and spent almost a month scouring the internet, creating a ticket, closing said ticket after two weeks then creating a new one specifically about the same issue appearing in the docker installation.

The castopod developers did not get back to me (which is fine. I understand it's supported by volunteers and they have a lot of time. This is not me knocking them) but I decided to go to my last resort of asking ChatGPT based on the information I had. It made suggestions that actually fixed the issue.

If you get this issue where the database can't connect due to access denied, you'll need to run the following commands:

sudo chmod +x /usr/bin/docker-compose
sudo chmod 666 /var/run/docker.sock

Once that is done, you need to clear out the previously created volumes and start up again.

docker-compose down --volumes --remove-orphans

docker-compose up -d

Once you've done that. You should be good to go!


I know that generative #AI is still a hot button topic in the #infosec world but I am one that thinks that it can be used for good to help and I wanted to show case how it helped me which allowed me to find an answer for everyone and save the developers a lot of trying to figure it out.

Of course, I'm not going to opine on AI here in this small article but I wanted to be upfront on how it helped and how it can help the #selfhosting community when it comes to issues like this in Castopod.

Until next time!

— Jonathan S.

Finally, I got my #infosec #blog up and running again. It has been so long since I accidentally took it down by messing up the A records but that’s a story for another post. I wanted to write up tips and tricks of things that I ran into while attempting to install my own #peertube #instance that was not explained well in the documentation available on the main website.

To be clear, this isn’t any sort of knocking the people who make it, it’s just not mentioned and I don’t know if that’s because for people used to this stuff it’s common knowledge or it just hasn’t been updated. Here we go!

Before we begin, a few points about what I’m going to talk about. This is not going to be a full installation tutorial but a supplement to to go along with the official documentation . This also assumes that the setup you are using is having one internet facing server that is directing traffic upstream to other machines on the network so that they are not exposed.

The server this is written for is Ubuntu 22.04 and I am using the Nginx that comes with the apt-get command. At the time of this writing, it’s Nginx 1.18.1.

Issue #1 – default NodeJS is not High Enough.

The first part of the tutorial provided by Peer Tube points you to the dependencies that you will need to initially install first. Do not just use the copy-paste they have to install the default. The deb files that are available are not the right version that it needs.

When I ran the sudo apt-get install nodejs, the server installed 12.x. You need at least 16.x to install minimum. When you go manually install nodeJS yourself so that you can run yard, DO NOT install the latest version 20.x. It is NOT compatible with Yarn when you get to the install process later. I installed the latest version to be up to date and the Yarn prompt in terminal stated that it was expecting between 16.x to 19.x. I had to re-do my key ring and install 19.x to work.

Issue #2 – Created Peer Tube user not the right CHMOD.

The dependencies portion of the installation will create the user and the group that you need but will not provide the correct chmod against the folder and one time when I was running it, didn’t give the folder to the group. It wants the folder to be drwxr-xr-x. You will not only need to set that yourself, but I recommend chown the folder to the peertube user just to be safe. If you do not, it’ll throw errors later about not owning everything and will screw up your entire install (which happened to me the first time around).

Run the command:

sudo chmod 755 /var/www/peertube sudo chown peertube:peertube /var/www/peertube

That was you can be absolutely sure nothing is going tot get messed up with the install. Proceed from that point with the rest of the install.

Issue #3 – Prepping the production.yaml correctly and for Reverse Proxy

When you get to the point that you are to edit the production.yaml file, there are a few steps you need to take to make sure it is ready for setup and the reverse proxy.

To understand what I have set up, we're going to assume we have two servers. One named which is our internet facing machine and which is the machine you are hosting the peertube instance on. You are going to want to have to be able to send all the traffic to the other machine.

Setting up for reverse proxy

You are going to want to make sure the following is in the webserver portion of the yaml file.

webserver: https: true hostname: 'yourpeertube.instance” port: 443

Though with many programs that you can run behind a reverse proxy, the upstream machine doesn't have to be on 443 as the SSL and security work is being handled on the machine taking the traffic. in the case of peertube, you must hand the traffic from 443 to 443 and have the https set to true even though you do not have any certificates on the upstream location.

If you do not do this, you will get streaming errors with your HLS.js in the peertube log. They will look like:

HLS.js error: networkError - fatal: true - manifestLoadError

The other symptom is that your video will play in the browser you uploaded to it but not with any other machine or browser.

In the trust proxy: section, you want to add the line - '' right under - 'loopback. *pay attention to formatting as yaml needs the proper indentation.

The last part is go to database: and make sure the correct password for your database you setup earlier is actually there. The last three attempts to install per the instructions did not properly put the password there. You can enter it manually.

Issue #4 – Proper Reverse Proxy with Nginx

This really isn't an issue but more to save you time figure out what needs to be proxy_pass to the upstream machine.

Upstream Machine

On the machine hosting, strip out all the SSL certificate markers and everything but leave it listening to 443. (This includes the ssl and http2 after the port listening entry.)

It should look something like this:

server {

listen 443;

listen [::]:443;

server_name yourpeertube.instance ;


Do not worry about the ssl part. As a reminder, it's going to be handled by the internet facing machine. We are presently setting up the hosting machine.

Setting up Internet Facing Machine

This is a full example of the reverse proxy that has helped my server function. Please make sure to add your information here where it says yourpeertube.instance.

server {

if ($host = yourpeertube.instance) {

return 301 https://$host$request_uri;


listen 80; listen [::]:80;

server_name yourpeertube.instance;

return 404; }

server {

listen 443 ssl http2;

listen [::]:443 ssl http2;

server_name yourpeertube.instance;

add_header Access-Control-Allow-Origins “*” always;

add_header Access-Control-Allow-Methods “*” always;

ssl_certificate /etc/letsencrypt/live/yourpeertube.instance/fullchain.pem;

sslcertificatekey /etc/letsencrypt/live/yourpeertube.instance/privkey.pem;

location ^~/ {

proxysetheader X-Forwarded-For $proxyaddxforwardedfor;

proxysetheader Host $host;

proxysetheader X-Real-IP $remote_addr;

proxy_pass http: //; #Make sure to change this to your actual internal IP;

clientmaxbody_size 0; } }


There you have it. After I got this all setup, I was able to communicate with my server, upload videos and the #fediverse portion worked to perfection. If you have any questions, you can reach out to me at my social media

— Jonathan S.

While perusing the internet trying to decide on what I want to put on this blog (besides the one that was just a basic), I realized there is A LOT of tutorials on how to setup mastodon, what the point of decentralized social media is and so forth.

It was a post on the instance I’m residing that gave me what to write. The nuances of living in this form of social media both as a user and as an admin. So, the first part will be for those who are looking for more information about being a user then for newbie admins, the things that I learned.

For ease as you read the first post, I am going to refer to Mastodon, Friendica, and other platforms as the “Decentralized Platforms” or “Fediverse platforms” and Twitter, Facebook, etc as the “Centralized Platforms” or “corporate controlled”. That way I’m not typing each one out all the time. If I need to make a note of a specific difference, I will then call the platform out by name.

Alright! Let’s get this show on the road!

Decentralized Services ARE NOT clones of the Centralized Services

One of the hardest things I have learned is that the decentralized services aren’t just knock-offs or clones of the major corporate controlled platforms that are available to everyone. The only thing that they share in common is their basic concept. To serve users data and information in a social way that promotes community.

If you are coming from one of the centralized platforms, you are used to having your friends, following the people you want to read and having the company serve you a daily list of interesting things they found for you based on search information you have done. It’s normal for you to be able to login, see what’s going on, and then posting a link or comment and keep going.

It’s great in a way that you don’t have to do the leg work to find new and interesting information but the trade off is that centralized platform keeps tabs on what you are doing. At minimum, they keep a profile on you and their users to help feed their computer program and at most, they then use the data to sell advertising space to other companies to target you with ads.

In short, a centralized social media needs money to run and decided that it uses your data to fund itself and then continue to sell it to make a profit for it’s shareholders. The one that comes first is the company.

A decentralized platform is, for the most part, opposite. Instead of taking care of shareholders and doing business, the fediverse services are designed around the concept of interoperability and being able to work with each other. The basic foundations the internet was built on. Down to the most basic of things, a fediverse server like Mastodon, is built to be run by someone but other things can communicate with it. The basics of interconnected computers.

This type of platform sacrifices one singular location and a helpful algorithm to find stuff and trade it that the user needs to do a lot of the work themselves.

In this vast planet of people, there are those who support either methodology to different amount of extremes. The question you should ask yourself is “What do you want?”

If you want a centralized system, there is no judgment from me and you do not have to keep reading this blog post. If you want to continue towards your exploration of the fediverse, then please keep on reading.

Don’t give up. I threw a lot at you but I felt it was important for you to understand the fundamental difference between the two. This isn’t a “run to alternate Twitter because of what Elon Musk is doing.” This is leaving one ecosystem for a brand new one.

So, you’re here and want to be part of the fediverse. What do you do?

That’s a very good question and you are not stupid in asking yourself. It’s actually one of the first key things as a newcomer you should consider. What do you want to do? Are you looking to make/share videos? Are you looking for a micro-blogging platform to share your thoughts? Are you someone who loves computers and want to get involved?

Those are questions you should answer before you move forward. In my case, I wanted to support decentralization so I’ve delved into creating my own instance and continue researching everything so that I can contribute and provide blog articles like this.

For ease of this post, I’m going to assume that you are looking to find a place to continue your social media experience. It’s the easiest to get started.

I’m going to assume you have found a home for your account. If not, check out this blog article for that sort of information.

So what do you do now? Here are a few things you should know about.

Golden Rule: Treat others as you wish to be treated

This might sound stupid to say out loud but the fediverse is built upon the concept of mutual respect and understanding. Rage culture is unacceptable and trolls are frowned upon. I would never give this advice anywhere else but when you get feedback, actually consider it before you ignore it. It could be a courtesy to help you. You’ll want to think it’s a troll but in this case, take a few moments, and then decide.

Nuance 1: Add context to your links (and use the content warnings)

On a centralized platform, it’s common to throw a link on there because the program would find all the info and display it in a nifty, little card. One of the best things you can do for yourself is to break that habit and add context to any link. Even if your fediverse service you are on has the ability, the ones that may be getting the information or the app viewing it may not.

One of the best things you can do is take the time to provide a small bit of information on what the link is about to give viewers an idea what they’re actually going to be clicking on.

Also, you can put content warnings on your posts. Be considerate. If you think someone may be offended or see something that is triggering, throw the content warning on there. Those who want to see it will click on it.

Nuance 2: Hashtags are not cringy; Hashtags are the backbone.

If you’ve been on social media long enough like I have, you have heard that hashtags are cringy and “they’ve ruined social media”.

In the case of a fediverse service, hashtags are actually the glue that sticks things together. In most every decentralized platform you can join has the ability to search through hashtags or even subscribe to them. The way for you to find new content you are interested in and new people to follow is through those hashtags. They are seen everywhere!

Now, do not go and hashtag every single word but keywords of your post so others who are interested in the same thing can find you.

Nuance 3 – You are your own Algorithm.

Are you not seeing anything in your feed? If not, there is a good chance you haven’t followed anyone because your feed is built of people you follow and in cases those who follow them. You are the one who curates what you can see and what shows up in your feed. Subscribing to hashtags, following users with ideas and thoughts like you are great ways to start filling up that feed with information to your liking.

You should follow indiscriminately and unfollow indiscriminately because that’s the only way you’re going to control what you see.

Nuance 4 – And follower and following count isn’t worth anything.

This is going to be the hardest thing to understand, especially if you are coming from a capitalistic platform where you have built a following.

The ratio of followers to following doesn’t mean shit here on the fediverse and that’s because of what we have talked about. People curate their own stuff so following and unfollowing is the way to get your feed the way you like. There is no value to how many followers you have except to understand that whatever your posting about has their interest. If you move on to a different number and your numbers shift, that’s just people adjusting their feed.

Don’t invest in your follower count. Invest in the engagement across the platform. You have to put emphasis on the social of social media, not the last word.


There is probably a lot that I am missing and that’s because I am still on this journey too. I have had the advantage of a wonderful group of people engaging with me and helping me make these adjustments and I wanted to pass on and provide that to anyone reading this too.

Until next time!

— Jonathan S.

It has been awhile since I have had the opportunity to sit down and write a blog post. Things have been hectic and some projects just fall by the wayside. One of the things I promised to do is write a blog post about my experiences running a single user instance.

 You’re all on your Own

After spending about a month on Infosec.exchange and learning the ups and downs of mastodon, I decided that the biggest thing I wanted to do was own my own instance where I could control my entire social media presence. Instead of existing on someone’s server, I wanted my own. So, I set up a single user interface.

One of the biggest challenges is not federation but re-connecting to everyone and seeing all the posts again. One of the major things that helped me is that I had already followed 100+ people so when I migrated my account, I was able to automatically re-follow all of them allowing my feed to fill up.

One of the impacts that never crossed my mind is that you immediately lose the use of the local feed portion of mastodon. If you were on a different instance, you could use that to see what was being talked about on the instance you inhabited but if you exist as a Single User Instance, all that page has is your own toots. You lose a major portion of finding new content to engage with.

What this does is make more effort required to explore other instances and follow people so that you can get a varied feed.

 If you don’t engage, you don’t exist.

Engaging and communicating becomes even more important because nobody can use their local feed button to find you and you will more than likely be drowned out in the federated feed. To engage and to be found and to talk with other people requires much more exploration and actually responding to posts with your thoughts and opinions so that more people see your handle.

I’m not saying that one should go and spam for attention or participate in clout chasing. I am simply pointing out the fact that the ability for someone to stumble on to you is much harder. You can join a relay but sometimes what you post is outweighed by the flood of what is sent to you.

This also means that the use of hashtags becomes critical. I have discovered it’s a fine line between two little hashtags and too much. 

Actively Managing your server is a Must

There is no one else on your instance that is blocking inappropriate or illegal servers, cleaning out the databases and media folders using the tootctl CLI. All the day to day managing to keep yourself up and running will be handled entirely by you.

(This won’t really apply if you are hosting with a site that promises to take care of that for you but many SUIs I have seen are hosted on their own machines).

It got so bad that I had to write a bash script to automate a lot of the cleaning for me weekly and still have to check on it to make sure it ran correctly, I don’t have to adjust the speed, etc.

This can become doubly worse if you follow a large relay and that relay can swamp your server, run you out of space, and when that happens, your instance goes down.

The safety and security of your server and your feed is one hundred percent on you.

 Need a Script?

I’ve actually offered the script I use for any Ubuntu servers on my public git. I’m still working on it but might give you a good place to start cleaning!


 Until next time!


— Jonathan S.

I cannot remember where I saw it (though I know it was on my Mastodon social feed), someone had said that an aspiring infosec specialist should consider creating a blog to document their dive into the world of computers and IT. Over the next few days I thought about it and realized that, not only was that a good idea, it could possibly help someone in the future who is struggling with the exact same issue as you were.

So, here I am, writing a blog post to document it and start of my adventure. Now, I have been an writer for a long period of time and consider myself more of an author than actually in information security. For anyone reading this blog, you’re going to find a wide variety of posts about all sorts of subjects but I’ll try to make sure that the subjects are clear enough for easy parsing for future searchers.

This blog post is short. I just wanted to get something posted while I work on designing the other posts including the issues I have had with my pursuit of decentralizing my presence on the internet.

If any of this looks interesting to you or you want to follow along, feel free to subscribe or if you are part of any social media like mastodon, you can also follow the blog as it has been federalized!

Until next time!

— Jonathan S.