mastodon.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
The original server operated by the Mastodon gGmbH non-profit

Mastodon Engineering

We are planning to release new Mastodon security updates for versions 4.1, 4.2 and nightly this Thursday, Jul 04, at 15:00 UTC. It solves multiple security issues, including a major one. We encourage server administrators to plan for a timely upgrade to ensure their Mastodon server is protected.

@MastodonEngineering wow, way to intentionally fuck over all of your US-based admins. Uncool timing here.

@MastodonEngineering
Yes, I'm sure your American server admins don't have any family obligations at that time.

@SmashToday@discuss.smash.today @MastodonEngineering@mastodon.social would you prefer to just wait around for someone malicious to get on it? :neofox:

@privateger @SmashToday If it was in-the-wild it'd be deployed right now, I'd think, and not waiting for a scheduled time? I'm not sure what their deployment schedule is.

But if it is not in the wild and scheduled for a future date, let's be honest, it could wait another day.

@MastodonEngineering @jon You may want to bump that by a few days. 7/4 is a big American holiday.

@MastodonEngineering While I realize the U.S. isn't the entire world, the decision to release this information and update on a major U.S. holiday when many administrators may not be in a position to act promptly seems somewhat problematic.

@lauren @MastodonEngineering I suspect they think Mastodon is mostly run by amateurs, who have more time for admin on a bank holiday than on a workday? Either that, or they're German and forgot about UK General Election day (sorry).

@cstross @MastodonEngineering There are amateurs with families who like, go out all day and do stuff on July 4. Please inform the Germans. Thank you.

You did a great job providing a security patch as soon as possible. I don't get that you guys are now getting issues over it. Why the hell should someone artificially delay a release of a critical security patch at all? I would always prefer having a patch available as soon as possible vs. keeping people unnecessarily vulnerable. Deciding not to install a patch because of ${reason} should be up to the operator, and this shouldn't be the problem of the people working their asses off providing good software. Keep up the great work.

@indigo @MastodonEngineering @cstross It is absolutely a TERRIBLE idea to release information that will ENABLE an exploit on weekends, holidays, and other days when it can be anticipated that many administrators will not be available. Except in situations of significant ACTIVE EXPLOITATION of a security problem, many firms I know explicitly prohibit such a release schedule.

Is this a significant active exploitation situation? I'm listening.

What's the difference between being exploited by not having a patch installed vs. not having a patch available?

@indigo @MastodonEngineering @cstross C'mon. The existence of a security hole with an upcoming patch does not in and of itself imply that it is being significantly exploited. Once the patch is publicly released, the exploit will be obvious to the world. This isn't rocket science, just basic security practices used by non-amateur organizations around the world.

@lauren @indigo @MastodonEngineering @cstross

I agree with Lauren here. Unless there is a POC out there, the vuln is under active exploitation or otherwise known, pretty please don’t shove this on people at the beginning of a weekend or holiday.

@avuko @lauren @indigo @MastodonEngineering @cstross
Do people really do this? Find a day that's not a bank holiday in any of the major dozen economies and only release security patches at that time?

If this really is a thing there will be online calendars telling us what specific days are appropriate for releasing such information. I'd be happy to be pointed to one.

The ones who want to exploit you have that information anyway.

@indigo @MastodonEngineering @cstross Says who? I haven't heard anything about active exploitation of this bug. Again, I'm listening.

@MastodonEngineering Don't expect a timely response in the United States. Much of the country will be off work and celebrating the Fourth of July.

@chockenberry You guys got any reason to celebrate?

@fennek @chockenberry The end of an era. Might want to celebrate with us, the next cycle might not be so hot. :blobCat_bounce:

@MastodonEngineering Just saying, releasing a major security update on one of the biggest holidays per capita in the world is an interesting play.

Edit: As feedback, please make it a policy to check the national holidays list for the top 5 deployed countries before scheduling important work. Don't deploy intoxicated, people!
#mastoadmin #independenceday

@shanie @MastodonEngineering To be honest, holidays are the most likely time I am going to deploy disruptive updates at work, because nobody's there. :D

@shanie @MastodonEngineering as long as there are no Euro 2024 matches on that day, it's cool

@shanie

I *think* there are more inhabitants in the world for whom this is an average day than there are for whom this is a holiday...

@jan Perhaps, but the US holds the #1 spot for most Mastodon instances, so that'd be my backup statement. :comfypopcorn:

@shanie But does that mean most users? :)

The admins need to do the work, but the users are those that are impacted :) For we admins are nothing without our users.

@jan My apologies if that's how it was taken; "one of the biggest holidays" simply intended it's a large holiday for many people.

But you are correct; I would have simply hoped that Mastodon team would have checked the national holiday list for the top 5 countries before setting the date (United States, France, Germany, Japan, Finland). Maybe the 5th. Or the 3rd. I dunno, man, I just work here.

@shanie Yeah, I'm just being an ass. Sorry about that ;)

Tired and all :)

@jan No worries, I just edited my OP to include that feedback. Thank you and the others for healthy conversation!

@shanie @MastodonEngineering if you don't count e.g., China (1.4 billion people) or India (1.4 billion people) and their national holidays, I guess?

@4censord "one of the biggest holidays per capita in the world".

Yeah, don't worry, they're counted.

@shanie then I don't seem to get what you mean.
Per capita => per number of people, right?

Earth has about 8.1 billion people
The US has about 0.4 billion people
=> Every ~27th person has the Fourth of July as the USA Independence Day holiday
India has about 1.4 billion people
=> Every ~6th person celebrates Indian Independence Day, but theirs is on the 15th of August

What am I missing?

@4censord "One of the" includes India too, and China. Sure "if you don't count china" you're correct, but "one of the biggest holidays per capita in the world" still includes China, still includes India.

I mean I'm not sure if you were trying to be nitpicky? The grammar holds up.

I'm happy to say Oktoberfest is also one of the biggest holidays per capita, and far fewer people celebrate that. But I don't want a patch on Oktoberfest either, for obvious reasons.

@shanie see, my confusion comes from the fact that I'd not have put "Independence Day in the USA" as one of the biggest holidays at all. We could argue that "Independence Day in general" is one of the biggest holidays, but every country seems to have it on different dates. Mostly, on the dates of their revolution.

And about Oktoberfest: might be important for many people, but I would not have seen it as "one of the biggest" holidays either.

@4censord Got it, that's understandable. Perhaps "One of the biggest holidays in the country that holds the most Mastodon instances" might have worked out better.

@shanie fair. Though AFAIK all/most of the Mastodon core devs are European, so I'd guess it wasn't actually on purpose.
Also, it seems that they commonly release on a Thursday, so I'd say coincidence.

@4censord That would make a lot of sense. Maybe I'll change my OP to make it feedback: to check holidays and adjust their policy to check for holidays in the top 5 deployed countries!

@shanie @MastodonEngineering Members of U.S. Mastodon servers are about to find out whether their Admins have a life or not.

@Ville "one of the biggest holidays per capita in the world". It's US, but still true.