Lemmy

Title says it all. I’m just trying to figure it all out.

I know wefwef offers an importer for the export offered from Apollo but i was too late and with Apollos shutdown i can't access that menu.

Are there any websites or tools out there that read through the subs you're subbed to and offer similar alternatives that already exist on the Fediverse?

Thanks.

Any future plans on developing lemmy video upload support?

cross-posted from: https://lemmy.ml/post/1808829

What is Lemmy?

Lemmy is a self-hosted social link aggregation and discussion platform. It is completely free and open, and not controlled by any company. This means that there is no advertising, tracking, or secret algorithms. Content is organized into communities, so it is easy to subscribe to topics that you are interested in, and ignore others. Voting is used to bring the most interesting items to the top.

Major Changes

This release includes major improvements to performance, specifically optimizations of database queries. Special thanks to @phiresky, @ruud, @sunaurus and many others for investigating these. Additionally this version includes a fix for another cross-site scripting vulnerability. For these reasons instance admins should upgrade as soon as possible.

As promised, captchas are supported again. And as usual there are countless bug fixes and minor improvements, many of them contributed by community members.

Upgrade instructions

Follow the upgrade instructions for ansible or docker.

If you need help with the upgrade, you can ask in our support forum or on the Matrix Chat.

Support development

We (@dessalines and @nutomic) have been working full-time on Lemmy for almost three years. This is largely thanks to support from NLnet foundation.

If you like using Lemmy, and want to make sure that we will always be available to work full time building it, consider donating to support its development. No one likes recurring donations, but they've proven to be the only way that open-source software like Lemmy can stay independent and alive.

When disabling the "show read posts" option it also hides the posts made by oneself in one own's profile.
I think it would be better to keep own posts in your own profile always visible.

if i filter by any "hot" or "active" it looks like there are no post in the community. If i filter by anything else it shows all the post history. Is this a bug?

So I am hosting an instance for myself and I have noticed that when I go into Admin Settings (cog symbol) I get a beefy list of Banned Users on the right but I didn't ban any of them.

Is this just unintuitive UI?

The way I thought this works is when I, as admin, ban user from my instance then that user won't be able to log-in here anymore but when I ban a user from other instance then anything from that user won't show up at all on my instance (kind of like shadow ban, but only for users of my instance).

E: I am the only admin/mod on my instance - the only user able to ban users, so there is noone else who could have banned someone without my knowledge.

Upd: Bans are federated and it makes sense, thanks /u/stown@sedd.it

As we are concerned about privacy, I am curious just to understand if lemmy can be at some point exploited by someone to profile its users.

I commented on a post a while back and thought I'd check it out again to see if there was any additional discussion. When I clicked into my comment to get to the original post, I realized the post itself had been removed. I'd like to go into the modlog and see why it was deleted but I can only filter by user. Is there a way I could download a text version of the modlog and search for the post id there?

As an internet oldie, my Lemmy experience has given me a serious throwback to the childhood of the internet.

The last couple of weeks I have read more genuine articles, blogs and been exposed to more real people than I've been in a long time. I had forgotten what internet was before seo and bots, but you have reminded me.

So, I just want to say thank you to all of you magnificent people here!

We have piracy content on the frontpage, but no corporate owners who could do the producers bidding and delete it.

We not only have community run subs, but whole servers.

What a time to be alive.

I've observed this with a few communities today, both local and federated. Is anyone else experiencing this?

If I report something on a remote community, where does the report go?

I know that as an instance admin, I'm getting a report. But do the moderators of the community and the server admins it is on also receive a report?

This video is more from a users perspective and less from an admins! I am trying to up my production quality as I can, let me know what you think!

Also I shared this with my test account a minute ago and deleted it, sorry for the double share!

Might be useful for example for creating bots, various dashboards etc.

EDIT: Lemmy Go is now available for Chrome and Firefox

I had a shortcut for subreddits, where I would just type r beekeeping in the address bar and it would take me to /r/beekeeping right away. For Lemmy, this isn't very convenient, since you gotta specify the instance for any communities outside your own instance.

I'm trying to make a browser extension to bring back that kind of quick navigation. In this case if you type lc beekeeping in your address bar and press enter, it will navigate to the most popular community it finds in any instance, and it will show that community in your local instance.

If you don't press enter right away, it will show multiple communities that match your query, so this can also be a quicker way to find new communities without knowing the exact name.

I'm checking if people would be interested just to see if it's worth the trouble to polish it up, add user settings, and publish the extension to the stores.

doing my part

I'm not a programmer so I don't know how easily this could be done or how it'll work, but I had this idea while trying to manually move all my current lemmy.ml subscribed communities to my new instance.

With threads coming to the Fidiverse, I feel dirty and violated. I don't care about my posts being accessible from various instances, but I fucking don't want meta to use what I write, from my username to my subbed communites and such.

I leave in Europe where the app is not allowed right now. How can I protect myself from meta ?

One thing I missed during the reddit era was user avatars. I always found it much easier to recognize posters this way. The lack of avatars next to a post made that whole era feel faceless. I'm glad avatars are included in profiles, and I think they should be brought back into the main UI.

I currently use Connect on Android, which puts a small (10x10px approx) avatar next to names. It would be cool to have an option to enlarge this, but it seems like a step forward.

For example, an instance may have blocked lemmy.world, but I can still see their communities in the search from lemmy.world. I'm not sure how to tell if they are blocked or not.

I tried what another user reported and it worked. I submitted a github issue as the security email seems to be unmonitored based on me trying to contact it (regarding a different issue) for over a week now.

Be careful about links you click in Lemmy, I guess.

cross-posted from: https://sh.itjust.works/post/774797

What is XSS?

Cross-site scripting (XSS) is an exploit where the attacker attaches code onto a legitimate website that will execute when the victim loads the website. That malicious code can be inserted in several ways. Most popularly, it is either added to the end of a url or posted directly onto a page that displays user-generated content. In more technical terms, cross-site scripting is a client-side code injection attack. https://www.cloudflare.com/learning/security/threats/cross-site-scripting/

Impact

One-click Lemmy account compromise by social engineering users to click your posts URL.

Reproduction

Lemmy does not properly sanitize URI's on posts leading to cross-site scripting. You can see this working in action by clicking the "link" attached to this post on the web client.

To recreate, simply create a new post with the URL field set to: javascript:alert(1)//

Patching

Adding filtering to block javascript: and data: URI's seems like the easiest approach.