Chaos Monster

 Chaos Monster  is an opt-in IndieWeb project by that aims to help IndieWeb resiliency similarly to how Chaos Monkey helps Netflix.

It is currently in-development, but when finished, you will be able to opt-in to receiving Chaos Monster interactions over various IndieWeb protocols, by sending it a webmention. By sending a delete webmention for the same post, it will leave you alone.

I'm currently collecting ideas and inspiration for how Chaos Monster can help YOUR site with better resiliency.



Ideas

 * low level: slow network responses
 * look at https://github.com/kbsriram/checkmention for ideas of different kinds of content to send
 * low level: gzip bombs, crazy HTML (had mf2 parsers crash on real websites with thousands of tags deep nesting)
 * avatars: giant, blinking, tiny, svg, weird file formats, imagemagick exploits
 * avatars: http://example.com/script.php then attempt to execute the php file if the server downloads it (see https://github.com/bastianallgeier/kirby-webmentions/commit/55bedea78ae9af916a9a41497bd9996417851502)
 * Research OAuth 2.0 potential issues and try sites' IndieAuth/Micropub auth safety
 * docs on common oauth pitfalls https://oauth.net/security/
 * WebSub surely has some fun corners too
 * idea: for those that opt in? Send spam webmentions
 * For those that don't opt-in but are obviously part of the IndieWeb, (like irc-people) consider sending a single spam webmention to prompt them to consider their webmention workflow, and then don't send any more unless they opt-in