@dwarf@fedibird.com wow, I'm getting a reputation! 😁
@dwarf@fedibird.com I'm not sure I understand; what are you trying to achieve, what do you expect should happen, what happens instead?
@Sharkey@shonk.social
@dakkar I've updated to the latest Sharkey version, after which it seems that messages sent from my instance are no longer accepted by remote instances. The error they receive is as follows:
`WARN 1 [queue inbox] failed(UnrecoverableError: skip: http-signature verification failed and no LD-Signature. keyId=https://borg.social/users/8zr4l1k0do#main-key`
@dwarf@fedibird.com uh… that's very surprising, but it may also be not just your instance
let me check a few things
@dwarf@fedibird.com ok, my instance can talk to shonk.social without problems, so it's not "all sharkeys are broken"
@dwarf@fedibird.com can you send me a DM from borg.social?
@dakkar sure thing!
@dwarf@fedibird.com ok, received and got the error
@dwarf@fedibird.com I have those errors from borg.social and a.gup.pe
@dwarf@fedibird.com could you run this:
`select "publicKey" from "user_keypair" where "userId"='8zr4l1k0do';`
and send me the output? it's your public key, so nothing secret. We may switch to DM anyway to avoid spamming our followers' timelines, though
for the people watching at home: something in borg.social (probably CloudFlare) was modifying the body of outbound POST requests, transforming `"content":"…"` into `"content":"…"`
when Sharkey received such a request, it failed to parse the body as JSON (because it's not well-formed), so it kept the body as a string, and when the signature verification code checked whether the `.actor` field of the activity matched the signature's author, it failed because the activity string does not have a `.actor` field…
that was quite painful to diagnose!
@4censord@unfug.social @dwarf@fedibird.com @dakkar@s.thenautilus.net Yes, cloudflare caching seems to have caused the problem. (don't ask me why, I don't understand why)
@dwarf@borg.social @dwarf@fedibird.com @dakkar maybe some kind of xss protection?
is your modsecurity ruleset available somewhere?
@4censord@unfug.social modsecurity was turned off, so it wasn't relevant. My ruleset is the default+owasp plus some really nasty hacks to turn certain rules off because that was easier than finding out how to escape it correctly. It's now turned off completely because there's too many edge-cases surrounding the `Accept` header (it's a nasty 20+ lines regex)
@dwarf > modsecurity was turned off, so it wasn't relevant.
Yeah, I got that. I just remembered your ranting about that regex, and was wondering whether you ever got that part to work
> plus some really nasty hacks
I see
On that note, how did your Postgres tuning go, did you have any further problems?
@4censord@unfug.social the performance remains crappy even after the tuning, sadly :(
@Sharkey cc @dakkar because he's the *key pro