Lemmy
Everything about Lemmy; bugs, gripes, praises, and advocacy.
For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.
I've wanted a badge that shows the instance uptime and couldn't find any, so I created one. It's available at https://uptime.lemmings.world/{your-domain}.svg and gets its data from fediverse.observer.
Examples:
- Lemmings.world:
- https://uptime.lemmings.world/lemmings.world.svg
- Lemmy.world:
- https://uptime.lemmings.world/lemmy.world.svg
- Lemmy.ml:
- https://uptime.lemmings.world/lemmy.ml.svg
- discuss.tchncs.de:
- https://uptime.lemmings.world/discuss.tchncs.de.svg (congrats on that uptime, by the way!)
- and so on
The documentation is available at https://uptime.lemmings.world. Feel free to use it for your instance if you wish to.
My previous account was on compuverse.uk, though for about 1 week I have not been able to access the instance at all. I suppose either the hosting service destroyed it, the maintainer disappeared, or there are bigger issues with Cloudflare routing or the server.
There was a point where it was taking way too long to load, and then nothing. It is inaccessible for me. I cannot access it through a VPN either.
Familiar faces resurfacing is nice and only possible on a smaller sized platform. Or clicking someone's profile only to see a post I previously saw or commented on.
I don't mean the recent selling API rights at absurd costs but when they went from open sourcish to closed.

cross-posted from: https://infosec.pub/post/2802322
This feature is long overdue, Lemmy is getting distracting, especially with worthless replies.
cross-posted from: https://lemmy.world/post/1208548
Ran a search & didn't see a thread on this, although there may be a Git issue raised on the subject. Nevertheless, I think it would be nice to have a setting from the profile & per post/comment to mute notifications for replies to posts or comments, as desired.
On Reddit there was no such account-level option so far as I'm aware, so you basically had to make it a habit to disable reply notifications on every, single, post & comment if you didn't want to see your inbox/notifications lit up.
I know this may be a little counter-intuitive, but after awhile I honestly don't want to see that someone randomly replied to one of my comments or posts from who knows how long ago. In the cases that I might, though, I'd leave the notifications on, of course.
I believe that the addition of an edit history would be a massive boon to the usefulness of Lemmy on the whole. A common problem with forums is the relatively low level of trust that users can have in another's content. When one has the ability to edit their posts, and comments this invites the possibility of misleading the reader -- for example, one can create a comment, then, after gaining likes, and comments, reword the comment to either destroy the usefulness of the thread on the whole, or mislead a future reader. The addition of an edit history would solve this issue.
Lemmy already tracks that a post was edited (I point your attention to the little pencil icon that you see in a post's header in the browser version of the lemmy-ui). What I am describing is the expansion of this feature. The format that I have envisioned is something very similar to what Element does. For example:
What this image is depicting is a visual of what parts of the post were changed at the time that it was edited, and a complete history of every edit made to the post -- sort of like a "git diff".
I would love to hear the feedback of all Lemmings on this idea for a feature -- concerns, suggestions, praise, criticisms, or anything else!
This post is the result of the current (2023-10-03T07:37Z) status of this GitHub post. It was closed by a maintainer/dev of the Lemmy repo. I personally don't think that the issue got enough attention, or input, so I am posting it here in an attempt to open it up to a potentially wider audience.
cross-posted from: https://sh.itjust.works/post/6400327
In case anyone is wondering, it's rqd2.
The definition of paraphilia is "a condition characterized by abnormal sexual desires, typically involving extreme or dangerous activities.", which can include pedophilia.
Don't be fooled by their rules, one of their biggest communities is a "MAP" community where they openly discuss pedophilia. They're likely larping as LGBTQ+ to make them look bad.
It has received 4 censures from fediseer due to the content contained on that instance.
Not a good look for Lemmy to be promoting any instance like that.
Update: A pull request was sent to remove the sus instance. It should no longer show up soon

Right now, unless someone is linked to an instance directly, the first point of entry is usually join-lemmy.org, and let's face it, it's completely uninviting.
The first few screenshots give off a Rust nerd vibe, and you have a "join a server" button shown to you before you even get to see some short explanation of how the Fediverse works.
In contrast, https://matrix.org/ and https://joinmastodon.org/ (which btw also has this "join a server" shown too early problem, but they kind of go around it by linking a default instance) feel much more welcoming.
Maybe we could have a contest to make join-lemmy.org better? Not just the layout, the wording is also way too technical for the most part and deserves to be reviewed by people with more of a marketing mindset.
We could also have a similar one to make a short introductory video, like what was done by Framasoft (a French non-profit) in this video: https://peertube.fr/w/9dRFC6Ya11NCVeYKn8ZhiD (or probably just reuse that video if there's not enough interest in making a similar Lemmy-focused one?)
Would be really cool to have creative people contribute that way to Lemmy without necessarily coding!
Because of the time it takes for mods to moderate content on Lemmy, the "new" sort's been prone to abuse.
Could a "delayed new" sort, where the newest content x hours ago is shown be introduced to help suppress this problem?
cross-posted from: https://lemmy.ml/post/5712030
What is Lemmy?
Lemmy is a self-hosted social link aggregation and discussion platform. It is completely free and open, and not controlled by any company. This means that there is no advertising, tracking, or secret algorithms. Content is organized into communities, so it is easy to subscribe to topics that you are interested in, and ignore others. Voting is used to bring the most interesting items to the top.
Major Changes
This release fixes a problem with federation of moderation actions performed by admin accounts. Specifically there is a check when receiving remote federation actions, which is incorrectly rejecting them in some cases. The problem is fixed by this release.
There are no other changes, and no updated lemmy-ui version.
Support development
@dessalines and @nutomic are working full-time on Lemmy to integrate community contributions, fix bugs, optimize performance and much more. This work is funded exclusively through donations.
If you like using Lemmy, and want to make sure that we will always be available to work full time building it, consider donating to support its development. No one likes recurring donations, but they’ve proven to be the only way that open-source software like Lemmy can stay independent and alive.
- Liberapay (preferred option)
- Open Collective
- Patreon
- Cryptocurrency (scroll to bottom of page)
Upgrade instructions
Follow the upgrade instructions for ansible or docker. There are no config or API changes with this release.
If you need help with the upgrade, you can ask in our support forum or on the Matrix Chat.
Changes
Lemmy
- Fix federation of admin actions (#3988)
We are getting closer to the next major release. This version will have many breaking changes, so we are listing them here for app and client developers to adjust their projects.
As we prepare for the release of Lemmy 0.19.0, we'd like to provide any app or client developers ample time to upgrade their apps, as well as discover any problems, before we do the release. This will be at least 4 weeks from now (but likely longer).
Server admins can also upgrade to the latest release candidates for testing. Be aware that they are still unstable and shouldn't be used in production. As with any upgrade it is important to have working backups in place.
It should be possible for clients to support both Lemmy 0.18 and 0.19 without major workarounds. If backwards compatibility is causing you trouble, comment below and we will help to find a solution.
To test, you can point your app to the following test instance running a release candidate of 0.19.0: https://voyager.lemmy.ml
A diff of API changes is here: lemmy-js-client API changes from 0.18.3 -> 0.19.0-rc's
Note for developers not using typescript or rust:
If you'd like to auto-generate an API client for your language, you can try out @MV-GH's lemmy_openapi_spec, or (if in kotlin), use Jerboa's script here.
Major Changes
Authentication
Previous Lemmy versions used to take authentication as query/post parameters. This is insecure and unnecessarily complicated. With 0.19, the jwt token can be passed either as cookie with name auth, or as header in the form Authorization: Bearer.
A major advantage is that this allows us to send proper cache-control headers, with responses to unauthenticated users being cacheable. It also prevents token leaks in web server logs. The login and registration endpoints attempt to set the cookie automatically. If that is supported on your platform, you don't have to worry about the authentication token at all.
In order for your client to be compatible with both Lemmy 0.18 and 0.19, you should send auth in both ways. Meaning with each API call, send the old auth query/post parameter, as well as the new header or cookie.
A few PRs detailing these changes:
- https://github.com/LemmyNet/lemmy/pull/3725
- https://github.com/LemmyNet/lemmy/pull/3926
- https://github.com/LemmyNet/lemmy/pull/3946
- https://github.com/LemmyNet/lemmy/pull/3982
Users can block instances
Users can now block instances, so that their communities are hidden from listings. This is done via POST /api/v3/site/block with parameters int instance_id, bool block.
https://github.com/LemmyNet/lemmy/pull/3869
New sort options
A new scaled sort option has been added. This sort is identical to the Hot sort, but also takes into account the number of each community's active monthly users, and so helps to boost posts from less active communities to the top.
https://github.com/LemmyNet/lemmy/pull/3907
2FA / TOTP Rework
Two-Factor-Authentication is now enabled in a two-step process to avoid locking yourself out. Now a secret needs to be generated first with POST /api/v3/user/totp/generate (no parameters). The generated token needs to be added by the user to an authenticator app.
Once this is completed, 2FA can be enabled with POST /api/v3/user/totp/update. This takes a string parameter totp_token (generated by authenticator app), and boolean enabled. 2FA can be disabled again with the same update endpoint. Additionally, the 2FA algorithm has been changed to SHA1 for better compatibility.
The update disables 2FA for all accounts, so that users who are locked out can use their accounts again, and to ease the transition to the SHA1 algorithm.
https://github.com/LemmyNet/lemmy/pull/3959
Timestamps now include timezone
Previous Lemmy versions used timestamps without any timezone internally. This caused problems when federating with other software that uses timezones.
Going forward, all timestamps in the API are switching from timestamps without time zone (2023-09-27T12:29:59.113132) to ISO8601 timestamps (e.g. 2023-10-29T15:10:51.557399+01:00 or Z suffix). In order to be compatible with both 0.18 and 0.19, parse the timestamp as ISO8601 and add a Z suffix if it fails (for older versions).
https://github.com/LemmyNet/lemmy/pull/3496
Cursor based pagination
0.19 adds support for cursor based pagination on the /api/v3/post/list endpoint. This is more efficient for the database. Instead of a query parameter ?page=3, listing responses now include a field "next_page": "Pa46c" which needs to be passed as ?page_cursor=Pa46c. The existing pagination method is still supported for backwards compatibility, but will be removed in the next version.
https://github.com/LemmyNet/lemmy/pull/3872
New endpoints for export/import of user settings data
Users can now export their profile settings data (including subscriptions and blocklists) via GET /api/v3/user/export. The returned JSON data should not be parsed by clients, but directly downloaded as a file. Backups can be imported via POST /api/v3/user/import.
https://github.com/LemmyNet/lemmy/pull/3976
Make remove content optional during account deletion
When a user deletes their own account using POST /api/v3/user/delete_account, there is a new parameter called delete_content. If it is true, all posts, comments and other content created by the user are deleted (this is the previous default behaviour). If it is false, only the user profile will be marked as deleted.
https://github.com/LemmyNet/lemmy/pull/3817
Outgoing Federation Queue
The federation queue has been rewritten to be much more performant and reliable. This is irrelevant for client developers, but admins should look out for potential federation problems. If you run multiple Lemmy backends for horizontal scaling, be sure to read the updated documentation and set the new configuration parameters. The Troubleshooting section has information about how to find out the state of the federation queues.
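A compatibility layer for the client-facing changes listed in the announcement above (auth sent both ways, zone-less versus ISO 8601 timestamps, cursor pagination), as an added example that is not code from Lemmy or lemmy-js-client. All function names are hypothetical, and it assumes the server version string is read from the GET /api/v3/site response; `Authorization: Bearer <jwt>` is the header form used.

```javascript
// Added example: hypothetical helpers for a client that must work against
// both Lemmy 0.18 and 0.19. None of these names exist in lemmy-js-client.

// True when the server still needs the 0.18-style `auth` parameter.
// `version` is assumed to come from the GET /api/v3/site response.
function needsLegacyAuth(version) {
  const m = /^(\d+)\.(\d+)/.exec(version || "");
  if (!m) return true; // unknown server: send auth both ways, as advised
  return Number(m[1]) === 0 && Number(m[2]) < 19;
}

// GET request: JWT always goes in the header (0.19); it is added to the
// query string only while a 0.18 server may be on the other end, because
// query strings end up in web server access logs.
function buildGet(baseUrl, path, params, jwt, legacyAuth = true) {
  const url = new URL(path, baseUrl);
  for (const [key, value] of Object.entries(params)) {
    if (value !== undefined && value !== null) {
      url.searchParams.set(key, String(value));
    }
  }
  const headers = { Accept: "application/json" };
  if (jwt) {
    headers.Authorization = `Bearer ${jwt}`;
    if (legacyAuth) url.searchParams.set("auth", jwt);
  }
  return { url: url.toString(), init: { method: "GET", headers } };
}

// POST request: same rule, with the legacy copy in the JSON body.
function buildPost(baseUrl, path, body, jwt, legacyAuth = true) {
  const headers = { "Content-Type": "application/json" };
  const payload = { ...body };
  if (jwt) {
    headers.Authorization = `Bearer ${jwt}`;
    if (legacyAuth) payload.auth = jwt;
  }
  return {
    url: new URL(path, baseUrl).toString(),
    init: { method: "POST", headers, body: JSON.stringify(payload) },
  };
}

// Timestamps: 0.18 sends no zone (the value is UTC), 0.19 sends an offset
// or Z. JavaScript's Date does NOT fail on a zone-less string, it silently
// reads it as local time, so "append Z if parsing fails" cannot be used
// here; the zone designator has to be checked for explicitly.
function parseLemmyTimestamp(s) {
  const hasZone = /(Z|[+-]\d{2}:\d{2})$/.test(s);
  // Trim microseconds to milliseconds, which is all Date can hold.
  const iso = (hasZone ? s : s + "Z").replace(/(\.\d{3})\d+/, "$1");
  const d = new Date(iso);
  if (Number.isNaN(d.getTime())) {
    throw new RangeError(`unparseable timestamp: ${s}`);
  }
  return d;
}

// Pagination for /api/v3/post/list: use next_page as page_cursor when the
// server returned one (0.19), otherwise fall back to page numbers (0.18).
function nextPostListParams(prevParams, prevResponse) {
  const { page, page_cursor, ...rest } = prevParams;
  if (prevResponse && typeof prevResponse.next_page === "string") {
    return { ...rest, page_cursor: prevResponse.next_page };
  }
  return { ...rest, page: (page ?? 1) + 1 };
}
```

Once `needsLegacyAuth` returns false for an instance, passing `legacyAuth = false` keeps the token out of URLs entirely.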
or maybe some other terminology would be better? lots of people get confused when you ask them to choose an instance, sometimes I think even the word "proxy", "host", or "hub" is simpler
the specific terms aren't my point, just a discussion to see if we can come up with a better name
https://join-lemmy.org/docs/users/03-votes-and-ranking.html
"New Comments: Bumps posts to the top when they are created or receive a new reply, analogous to the sorting of traditional forums"
I feel like this is underutilized and can be really good for keeping old discussions alive and reused. It brings us back to the old school forums ways. On Reddit you see the same questions being asked over and over again every month or so (especially like on r/movies), if they had the New Comments sorting method then they wouldn't have to do that. And if you could subscribe to a post to get notifications about new comments that would be even better.
Now I'm also thinking Lemmy could have a Mixed sorting option to combine some of the main sorting methods, so you could see posts from Active, Hot, Top 6 hours, and New Comments all mixed together.
Red line is default, and the blue line is # of votes multiplied by 1000. x is rank, y is time. z = number of votes and has a slider to change the value.
cross-posted from: https://lemmy.world/post/5837469
Since I moved my server to IPv6 only, federation broke. I'm guessing this server is accessible through the Cloudflare proxy, but the underlying server is unable to connect to mine.
I have created a selfhosted instance from scratch a couple of days ago and everything seems to be working well, however, 3rd party apps (Memmy, Voyager) complain that my profile at "/u/michael@leuker.me" does not exist ...
I tried replicating this in the webinterface and indeed, while "/u/michael" displays the profile as expected, "/u/michael@leuker.me" gives a "couldnt_find_that_username_or_email" error. Perhaps I am missing the obvious (see log and config below), but this seems to be working on other instances (and is expected by the apps mentioned above) and any pointers would be greatly appreciated!
Log output:
Sep 23 09:48:16 lemy lemmy_server[58804]: 2023-09-23T09:48:16.313311Z WARN Error encountered while processing the incoming HTTP request: lemmy_server::root_span_builder: couldnt_find_that_username_or_email: expected value at line 2 column 5
Sep 23 09:48:16 lemy lemmy_server[58804]: 0: lemmy_apub::fetcher::resolve_actor_identifier
Sep 23 09:48:16 lemy lemmy_server[58804]: at crates/apub/src/fetcher/mod.rs:21
Sep 23 09:48:16 lemy lemmy_server[58804]: 1: lemmy_apub::api::read_person::read_person
Sep 23 09:48:16 lemy lemmy_server[58804]: with data=Query(GetPersonDetails { person_id: None, username: Some("michael@leuker.me"), sort: Some(New), page: Some(1), limit: Some(20), community_id: None, saved_only: None, auth: Some(Sensitive) })
Sep 23 09:48:16 lemy lemmy_server[58804]: at crates/apub/src/api/read_person.rs:17
Sep 23 09:48:16 lemy lemmy_server[58804]: 2: lemmy_server::root_span_builder::HTTP request
Sep 23 09:48:16 lemy lemmy_server[58804]: with http.method=GET http.scheme="http" http.host=leuker.me http.target=/api/v3/user otel.kind="server" request_id=b95e4f8d-5f30-4549-8e99-e0cd1e036046 http.status_code=400 otel.status_code="OK"
Sep 23 09:48:16 lemy lemmy_server[58804]: at src/root_span_builder.rs:16
Sep 23 09:48:16 lemy lemmy_server[58804]: 3: tokio::task::runtime.spawn
Sep 23 09:48:16 lemy lemmy_server[58804]: with kind=local task.name= task.id=4701 loc.file="/home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/actix-server-2.1.1/src/service.rs" loc.line=74 loc.col=17
Sep 23 09:48:16 lemy lemmy_server[58804]: at /home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.29.1/src/util/trace.rs:16
Sep 23 09:48:16 lemy lemmy_server[58804]: 4: tokio::task::runtime.spawn
Sep 23 09:48:16 lemy lemmy_server[58804]: with kind=local task.name= task.id=26 loc.file="/home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/actix-server-2.1.1/src/worker.rs" loc.line=367 loc.col=29
Sep 23 09:48:16 lemy lemmy_server[58804]: at /home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.29.1/src/util/trace.rs:16
Sep 23 09:48:16 lemy lemmy_server[58804]: 5: tokio::task::runtime.spawn
Sep 23 09:48:16 lemy lemmy_server[58804]: with kind=block_on task.name= task.id=25 loc.file="/home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/actix-server-2.1.1/src/worker.rs" loc.line=402 loc.col=32
Sep 23 09:48:16 lemy lemmy_server[58804]: at /home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.29.1/src/util/trace.rs:16
Sep 23 09:48:16 lemy lemmy_server[58804]: LemmyError { message: Some("couldnt_find_that_username_or_email"), inner: expected value at line 2 column 5, context: SpanTrace [{ target: "lemmy_apub::fetcher", name: "resolve_actor_identifier", file: "crates/apub/src/fetcher/mod.rs", line: 21 }, { target: "lemmy_apub::api::read_person", name: "read_person", fields: "\u{1b}[3mdata\u{1b}[0m\u{1b}[2m=\u{1b}[0mQuery(GetPersonDetails { person_id: None, username: Some(\"michael@leuker.me\"), sort: Some(New), page: Some(1), limit: Some(20), community_id: None, saved_only: None, auth: Some(Sensitive) })", file: "crates/apub/src/api/read_person.rs", line: 17 }, { target: "lemmy_server::root_span_builder", name: "HTTP request", fields: "\u{1b}[3mhttp.method\u{1b}[0m\u{1b}[2m=\u{1b}[0mGET \u{1b}[3mhttp.scheme\u{1b}[0m\u{1b}[2m=\u{1b}[0m\"http\" \u{1b}[3mhttp.host\u{1b}[0m\u{1b}[2m=\u{1b}[0mleuker.me \u{1b}[3mhttp.target\u{1b}[0m\u{1b}[2m=\u{1b}[0m/api/v3/user \u{1b}[3motel.kind\u{1b}[0m\u{1b}[2m=\u{1b}[0m\"server\" \u{1b}[3mrequest_id\u{1b}[0m\u{1b}[2m=\u{1b}[0mb95e4f8d-5f30-4549-8e99-e0cd1e036046 \u{1b}[3mhttp.status_code\u{1b}[0m\u{1b}[2m=\u{1b}[0m400 \u{1b}[3motel.status_code\u{1b}[0m\u{1b}[2m=\u{1b}[0m\"OK\"", file: "src/root_span_builder.rs", line: 16 }, { target: "tokio::task", name: "runtime.spawn", fields: "kind=local task.name= task.id=4701 loc.file=\"/home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/actix-server-2.1.1/src/service.rs\" loc.line=74 loc.col=17", file: "/home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.29.1/src/util/trace.rs", line: 16 }, { target: "tokio::task", name: "runtime.spawn", fields: "kind=local task.name= task.id=26 loc.file=\"/home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/actix-server-2.1.1/src/worker.rs\" loc.line=367 loc.col=29", file: "/home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.29.1/src/util/trace.rs", line: 16 }, { target: "tokio::task", name: "runtime.spawn", 
fields: "kind=block_on task.name= task.id=25 loc.file=\"/home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/actix-server-2.1.1/src/worker.rs\" loc.line=402 loc.col=32", file: "/home/rust/.cargo/registry/src/index.crates.io-6f17d22bba15001f/tokio-1.29.1/src/util/trace.rs", line: 16 }] }
Sep 23 09:48:16 lemy lemmy_server[58804]: 2023-09-23T09:48:16.313380Z INFO actix_web::middleware::logger: 10.200.106.2 'GET /api/v3/user?username=michael%40leuker.me&sort=New&page=1&limit=20&auth=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOjIsImlzcyI6ImxldWtlci5tZSIsImlhdCI6MTY5NTQ2MTU2NX0.dgg4VoY7rhG2JivMv3JxVKOHESKj_ELeXfAQS3R8ce4 HTTP/1.1' 400 47 '-' 'node-fetch/1.0 (+https://github.com/bitinn/node-fetch)' 0.042611
Sep 23 09:48:16 lemy lemmy_server[58804]: 2023-09-23T09:48:16.547471Z INFO actix_web::middleware::logger: 10.200.106.2 'GET /api/v3/user/unread_count?auth=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOjIsImlzcyI6ImxldWtlci5tZSIsImlhdCI6MTY5NTQ2MTU2NX0.dgg4VoY7rhG2JivMv3JxVKOHESKj_ELeXfAQS3R8ce4 HTTP/1.1' 200 47 'https://leuker.me/u/michael@leuker.me' 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36' 0.003553
Sep 23 09:48:16 lemy lemmy_server[58804]: 2023-09-23T09:48:16.595166Z INFO actix_web::middleware::logger: 10.200.106.2 'GET /api/v3/site HTTP/1.1' 200 10527 '-' 'node-fetch/1.0 (+https://github.com/bitinn/node-fetch)' 0.011685
nginx config:
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name leuker.me;
    ssl_certificate /etc/ssl/letsencrypt/lemy.leuker.me/fullchain.pem;
    ssl_certificate_key /etc/ssl/letsencrypt/lemy.leuker.me/key.pem;
    ssl_dhparam /etc/ssl/dhparams.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets on;
    ssl_stapling on;
    ssl_stapling_verify on;
    # Upload limit, relevant for pictrs
    client_max_body_size 20M;
    # Enable compression for JS/CSS/HTML bundle, for improved client load times.
    # It might be nice to compress JSON, but leaving that out to protect against potential
    # compression+encryption information leak attacks like BREACH.
    gzip on;
    gzip_types text/css application/javascript image/svg+xml;
    gzip_vary on;
    # Various content security headers
    add_header Referrer-Policy "same-origin";
    add_header X-Content-Type-Options "nosniff";
    add_header X-Frame-Options "DENY";
    add_header X-XSS-Protection "1; mode=block";
    ## Frontend
    location / {
        set $proxpass "http://127.0.0.1:1234";
        if ($http_accept = "application/activity+json") {
            set $proxpass "http://127.0.0.1:8536";
        }
        if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
            set $proxpass "http://127.0.0.1:8536";
        }
        if ($request_method = POST) {
            set $proxpass "http://127.0.0.1:8536";
        }
        proxy_pass $proxpass;
        rewrite ^(.+)/+$ $1 permanent;
        # Send actual client IP upstream
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    ## Backend
    location ~ ^/(api|pictrs|feeds|nodeinfo) {
        proxy_pass http://127.0.0.1:8536;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # Send actual client IP upstream
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
lemmy config:
{
  database: {
    user: "user"
    password: "password"
    host: "host"
    port: 5432
    database: "database"
  }
  pictrs: {
    url: "http://127.0.0.1:8080/"
  }
  email: {
    smtp_server: "10.200.111.2:25"
    smtp_from_address: "lemmy@leuker.me"
    tls_type: "none"
  }
  hostname: "leuker.me"
  bind: "127.0.0.1"
  port: 8536
  tls_enabled: true
}
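The access-log lines in the post above show the 0.18-style auth query parameter carrying the session JWT into the server log, which is the leak the 0.19 authentication change removes. The following added example (not part of the post or of Lemmy itself) scrubs that parameter from log lines before they are shared and lists which accounts' tokens were exposed; the sample token and log lines are constructed, and the function names are hypothetical.

```javascript
// Added example: redact `auth=` query parameters from access-log lines and
// report whose tokens were exposed, without ever echoing the token itself.

// The `auth` parameter anywhere in a logged URL, up to the next delimiter.
const AUTH_PARAM = /([?&]auth=)([^&\s'"]+)/g;

// Decode one base64url JWT segment to an object; null if it is not JSON.
function b64urlJson(part) {
  try {
    const b64 = part.replace(/-/g, "+").replace(/_/g, "/");
    return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
  } catch {
    return null;
  }
}

// Describe a token by its (unverified) claims only. The signature is never
// returned, so the description is safe to put in a report.
function describeToken(value) {
  let raw = value;
  try {
    raw = decodeURIComponent(value);
  } catch {
    // keep the raw value if it is not valid percent-encoding
  }
  const parts = raw.split(".");
  const claims = parts.length === 3 ? b64urlJson(parts[1]) : null;
  if (!claims || typeof claims !== "object") return { kind: "opaque" };
  return {
    kind: "jwt",
    sub: claims.sub ?? null, // subject (account id)
    iss: claims.iss ?? null, // issuing instance
    iat: claims.iat ?? null, // issued-at, seconds since epoch
  };
}

// Returns the redacted lines plus one exposure record per distinct token
// identity (issuer, subject, issued-at) with an occurrence count.
function scanLog(lines) {
  const exposures = new Map();
  const redacted = lines.map((line) =>
    line.replace(AUTH_PARAM, (_match, prefix, value) => {
      const t = describeToken(value);
      const key = t.kind === "jwt" ? `${t.iss}|${t.sub}|${t.iat}` : "opaque";
      const entry = exposures.get(key) ?? { ...t, occurrences: 0 };
      entry.occurrences += 1;
      exposures.set(key, entry);
      return prefix + "[REDACTED]";
    })
  );
  return { redacted, exposures: [...exposures.values()] };
}

// --- Constructed sample input (not taken from any real instance) ---
function sampleJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ typ: "JWT", alg: "HS256" })}.${enc(claims)}.constructed-signature`;
}
const SAMPLE_TOKEN = sampleJwt({ sub: 2, iss: "lemmy.example", iat: 1700000000 });
const SAMPLE_LOG = [
  `2023-11-14T22:13:20.000000Z INFO actix_web::middleware::logger: 192.0.2.10 'GET /api/v3/user?username=alice%40lemmy.example&sort=New&auth=${SAMPLE_TOKEN} HTTP/1.1' 400 47 '-' 'node-fetch/1.0' 0.042611`,
  `2023-11-14T22:13:20.200000Z INFO actix_web::middleware::logger: 192.0.2.10 'GET /api/v3/user/unread_count?auth=${SAMPLE_TOKEN} HTTP/1.1' 200 47 '-' 'node-fetch/1.0' 0.003553`,
  `2023-11-14T22:13:20.300000Z INFO actix_web::middleware::logger: 192.0.2.10 'GET /api/v3/site HTTP/1.1' 200 10527 '-' 'node-fetch/1.0' 0.011685`,
];

const report = scanLog(SAMPLE_LOG);
console.log(report.redacted.join("\n"));
console.log(report.exposures);
```

A token that has already appeared in a shared or retained log should be treated as disclosed; the exposure records identify which account needs a new session.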
cross-posted from: https://lemmy.dbzer0.com/post/4695652
Just a quick update for people using pict-rs workers, to grab the latest release, and set the 2 new variables as they want them
SCAN_BYPASS_THRESHOLD (default 10): If this amount of images are waiting for scanning, pictrs-safety will start returning "OK" for each new scan after that. This will prevent overloaded workers causing all further uploads from bouncing.
MISSING_WORKER_THRESHOLD (default 5): If this amount of seconds have passed since a scanning worker last checked in, start returning "OK" for each new scan after that. This will prevent a crashed worker from causing all images to bounce.
You can set either of these to 0 to turn off their functionality
Hey everyone, I was wondering what you think about having a bot for nightly builds to test the latest changes and discover regressions. This would allow some instances to test the latest changes and discover regressions so that we don't get stuck with those until the next big release. I think this would be a great way to improve the user experience. What do you think?
Some years ago we used to post weekly development updates to let the community know what we are working on. For some reason we stopped posting these updates, but now we want to continue giving you information every two weeks about the recent development progress. This should allow average users to keep up with development, without reading Github comments or knowing how to program.
We've been working towards a v0.19.0 release of Lemmy, which will include several breaking API changes. Once this is ready, we'll post these changes in dev spaces, and give app developers several weeks to support the new changes.
This week @nutomic finished implementing the block instance feature for users. It allows users to block entire instances, so that all communities from those instances will be hidden on the frontpage. Posts or comments from users of blocked instances in other communities are unaffected. He also reworked the 2-Factor-Authentication implementation, with a two-step process to enable 2FA which prevents locking yourself out. Additionally he is reworking the API authentication to be more ergonomic by using headers and cookies. Finally he is adding a feature for users to import/export community follows, blocklists and profile settings.
@dessalines is currently implementing a redesign of the join-lemmy.org website. He is also keeping the lemmy-js-client updated with the latest backend changes 1 2 3.
@phiresky optimized the way pagination is implemented. He is also fixing problems with federation workers which are causing test failures and performance problems in the development branch. These problems were introduced during a complex rewrite of the federation queue which was recently finished, and is thought to allow Lemmy federation to scale to the size of Reddit.
@SleeplessOne1917 is implementing remote follow functionality, which makes it easy to follow communities from your home instance while browsing other instances. He is also fixing problems with the way deleted and removed comments are handled.
@codyro and @ticoombs have been making improvements to lemmy-ansible, including externalizing the pict-rs configuration, adding support for AlmaLinux/RHEL, cleaning up the configuration, as well as versioning the deploys. These will make deploying and installing Lemmy much easier.
Support development
@dessalines and @nutomic are working full-time on Lemmy to integrate community contributions, fix bugs, optimize performance and much more. This work is funded exclusively through donations.
If you like using Lemmy, and want to make sure that we will always be available to work full time building it, consider donating to support its development. Recurring donations are ideal because they allow for long-term planning. But also one-time donations of any amount help us.
- Liberapay (preferred option)
- Open Collective
- Patreon
- Cryptocurrency (scroll to bottom of page)
cross-posted from: https://lemmy.dbzer0.com/post/4500908
In the past months, there's been an issue in various instances where accounts would start uploading blatant CSAM to popular communities. First of all this traumatizes anyone who gets to see it before the admins get to it, including the admins who have to review to take it down. Second of all, even if the content is a link to an external site, lemmy still caches the thumbnail and stores it in the local pict-rs, causing headaches for the admins who have to somehow clear that out. Finally, both image posts and problematic thumbnails are federated to other lemmy instances, and then likewise stored in their pict-rs, causing such content to be stored in their image storage.
This has caused multiple instances to take radical measures, from defederating liberally, to stopping image uploads to even shutting down.
Today I'm happy to announce that I've spent multiple days developing a tool you can plug into your instance to stop this at the source: pictrs-safety
Using a new feature from pict-rs 0.4.3 we can now cause pictrs to call an arbitrary endpoint to validate the content of an image before uploading it. pictrs-safety builds that endpoint which uses an asynchronous approach to validate such images.
I had already developed fedi-safety which could be used to regularly go through your image storage and delete all potential CSAM. I have now extended fedi-safety to plug into pict-rs safety and scan images sent by pict-rs.
The end effect is that any images uploaded or federated into your instance will be scanned in advance and if fedi-safety thinks they're potential CSAM, they will not be uploaded to your image storage at all!
This covers three important vectors for abuse:
- Malicious users cannot upload CSAM for trolling communities. Even novel GenerativeAI CSAM.
- Users cannot upload CSAM images and never submit a post or comment (making them invisible to admins). The images will be automatically rejected during upload.
- Federated images and thumbnails of CSAM will be rejected by your pict-rs.
Now, that said, this tool is AI-driven and thus, not perfect. There will be false positives, especially around lewd images and images which contain children or child-topics (even if not lewd). This is the bargain we have to take to prevent the bigger problem above.
By my napkin calculations, false positive rates are below 1%, but certainly someone's innocent meme will eventually be affected. If this happens, I request to just move on as currently we don't have a way to whitelist specific images. Don't try to resize or modify the images to pass the filter. It won't help you.
For lemmy admins:
- pictrs-safety contains a docker-compose sample you can add to your lemmy's docker-compose. You will need to put the .env in the same folder, or adjust the provided variables. (All kudos to @Penguincoder@beehaw.org for the docker support).
- You need to adjust your pict-rs ENVIRONMENT as well. Check the readme.
- fedi-safety must run on a system with GPU. The reason for this is that lemmy provides just a 10-seconds grace period for each upload before it times out the upload regardless of the results. A CPU scan will not be fast enough. However my architecture allows the fedi-safety to run on a different place than pictrs-safety. I am currently running it from my desktop. In fact, if you have a lot of images to scan, you can connect multiple scanning workers to pictrs-safety!
- For those who don't have access to a GPU, I am working on a NSFW-scanner which will use the AI-Horde directly instead and won't require using fedi-safety at all. Stay tuned.
For other fediverse software admins
fedi-safety can already be used to scan your image storage for CSAM, so you can also protect yourself and your users, even on mastodon or firefish or whatever.
I will try to provide real-time scanning in the future for each software as well and PRs are welcome.
Divisions by zero
This tool is already active now on divisions by zero. Its usage should be transparent to you, but do let me know if you notice anything wrong.
Support
If you appreciate the priority work that I've put in this tool, please consider supporting this and future development work on liberapay:
All my work is and will always be FOSS and available for all who need it most.

How can I link a post such that everybody would open it via their home instance (and therefore could interact with it)? Or is there at least any way how to open specific post (from another instance via my instance) manually?