Chaos Monster

From IndieWeb

This article is a stub. You can help the IndieWeb wiki by expanding it.


Chaos Monster is an opt-in IndieWeb project by Eddie Hinkle that aims to help IndieWeb resiliency similarly to how Chaos Monkey helps Netflix.

It is currently in-development, but when finished, you will be able to opt-in to receiving Chaos Monster interactions over various IndieWeb protocols, by sending it a webmention. By sending a delete webmention for the same post, it will leave you alone.

I'm currently collecting ideas and inspiration for how Chaos Monster can help YOUR site with better resiliency.

Cookie Monster meme that says 'Me want webmentions. Om nom nom.'

Ideas

  • low level: slow network responses
  • look at https://github.com/kbsriram/checkmention for ideas of different kinds of content to send
  • low level: gzip bombs, crazy HTML (had mf2 parsers crash on real websites with thousands of tags deep nesting)
  • avatars: giant, blinking, tiny, svg, weird file formats, imagemagick exploits
  • avatars: http://example.com/script.php then attempt to execute the php file if the server downloads it (see https://github.com/bastianallgeier/kirby-webmentions/commit/55bedea78ae9af916a9a41497bd9996417851502)
  • Research OAuth 2.0 potential issues and try sites' IndieAuth/Micropub auth safety
  • docs on common oauth pitfalls https://oauth.net/security/
  • WebSub surely has some fun corners too
  • idea: for those that opt in? Send spam webmentions
  • For those that don't opt-in but are obviously part of the IndieWeb, (like irc-people) consider sending a single spam webmention to prompt them to consider their webmention workflow, and then don't send any more unless they opt-in
Retrieved from "https://indieweb.org/wiki/index.php?title=Chaos_Monster&oldid=64036"