Dave

Dave , 10 months ago

There is a cross post button. It adds a link under the post when opened to show other communities it has been cross posted to, but it doesn’t solve the original problem.

Dave , 10 months ago

Isn’t Tildes the site responsible for the creation of Beehaw? As in a bunch of users had a disagreement with the admin and decided they would all leave Tildes and start their own place (with blackjack and hookers), eventually settling on Lemmy for the platform?

Dave , 11 months ago

So was the operator of the website arrested because they released the details themself? Is that what’s implied?

Dave , 11 months ago

Ah thanks. The way the short HIBP message is phrased made it sound like the events may have been connected.

Dave , 11 months ago

There are blog posts but basically these guys don’t have investor funding, need to cover costs, and the cost structure is representative of their costs.

Running a search index is expensive, it’s honesty pretty amazing a company of this size can manage it.

Dave , 11 months ago

Not only that, we want it to be slow. Being a server admin at the moment is racing from fire to fire. The Lemmy software needs to mature a bit before it will be ready for the less-technical users.

Dave , 11 months ago

I’m sorry you’re getting downvoted, it’s perfectly reasonable to want more content and it seems reasonable that more users would bring that content.

However, a massive number of new users (rather than slower organic growth) probably won’t bring what you want. Because there are massive issues that many people will not put up with.

As an example, Lemmy.world recently had an administrator account broken into because of a problem in the code that meant accounts could be compromised (any account) by viewing a page. Lemmy has never had a professional security review (they are super expensive).

Another example, if a user tries to delete their account (or if an admin tries to ban and remove all the content of a spam bot), the site will freeze for all users, it will start showing them an error page until the operation has completed or (more likely) the operation is killed by server admin or automated stabilty software. The bug report has a lot of commentary on the cause but doesn’t seem to have clear direction on how to fix it.

And yet another, Hot and Active sorting are still messed up for old posts recently federated, which means you get months or years old posts showing near the top even if they have no comments. This is luckily fixed in the upcoming release, but is an example of things that may turn away new users.

There are still massive performance issues. Currently the large sites are throwing money at the problem, using powerful hardware to attempt to mitigate this. But Lemmy has something like 100,000 active users across the whole network. If this was 1,000,000 you’d hope there was more content, but what you’d probably get is a site that won’t load.

We have to remember that 2 months ago, there were about 1000 monthly active users. This is already a massive growth in a short time, and many volunteers are working hard to try to improve Lemmy and increase performance to be able to scale to more users. But 2 months is a short timeframe for new contributors to learn how the code works, work out ways to improve it, write that code, test it, and release it with confidence that it’s stable. In reality not all these steps happen and new bugs are introduced (such as the account takeover one) so we really don’t want to rush into more users.

With that said, we also want to be seen as an alternative to reddit. So when new rushes happen, we want to be ready for the influx and be able to handle the new users, we shouldn’t turn people away.

Dave , 11 months ago

Endless Sky has a mobile port on F-Droid. You fly a ship around, doing trade, missions, attacking pirates (or being a pirate). There are also a few storyline missions, many hours of fun and the game is still in development. There are some quirks on mobile but I put many hours into it, it’s good fun.

Mindustry is also fun, and has many hours of potential. It’s also a port of a PC game, this one works very nicely on mobile. It’s sort of a Factorio (conveyor belts) tower defense game.

Dave , 11 months ago

I’ve just recently started using Kagi. It’s great, it’s fast, I love that I can raise, lower, or block certain sites in the results.

However, $5 a month for up to 300 queries is pretty steep for the average user. Well, not for the average user (apparently the average google user only searches 100 times a month) but I used up the 100 demo searches over about 48 hours, mostly just researching for responses to lemmy comments.

I subscribed anyway. And I understand search engines are not cheap to run. But time will tell how much this will end up costing in the long run, and if it’s worth it over a free one with an ad blocker.

Dave , 11 months ago

You can set a price point you get a notification, and another price point where there’s a hard cap. So I’ve started on the $5 a month plan which is 300 searches plus 1.5c per additional search. Then I set a $5 limit on the extra searches, so I’ll never be billed more than $10.

Dave , 11 months ago

Can I ask what kind of searches you’re doing? I don’t find google all that great, so I’m curious what you’re searching for where google gives you good results.

Dave , 11 months ago

Yeah, I tend to try to support new projects doing things different just because I want them to grow. At the moment it costs them approx 1.25 cents per search, which is what pricing is based on (they also need to offset the searches for free trials so the price is a little higher) but presumably there are fixed costs that will mean this cost can come down as the userbase grows. $5 is also not much to me, but it can mean a lot to the service which is young and founder-funded.

Dave , 11 months ago

Hey it’s me, “that guy”. You can’t copyright the letter X. You can possibly trademark it, but trademarks are specific to an industry (hence why there are so many articles saying this company owns the X trademark, and that one, and these other 100 companies all do too).

Trademarks are not life+70y but come with their own set of criteria.

Dave , 11 months ago (edited 11 months ago)

The actual report is probably better to read.

It points out that you upload to one server, and that server then sends the image to thousands of others. How do those thousands of others scan for this? In theory, using the PhotoDNA tool that large companies use, but then you have to send the every image to PhotoDNA thousands of times, once for each server (because how do you trust another server telling you it’s fine?).

The report provides recommendations on how servers can use signatures and public keys to trust scan results from PhotoDNA, so images can be federated with a level of trust. It also suggests large players entering the market (Meta, Wordpress, etc) should collaborate to build these tools that all servers can use.

Basically the original report points out the ease of finding CSAM on mastodon, and addresses the challenges unique to federation including proposing solutions. It doesn’t claim centralised servers have it solved, it just addresses additional challenges federation has.

Dave , 11 months ago

Except for expensive bikes, that’s all we have. That’s why I got these boltcutters…

Well of course, how else do people get expensive bikes?

Dave , 11 months ago (edited 11 months ago)

No fair! You changed the outcome by measuring it meme

(edit: I don’t know why it wasn’t loading, have now uploaded directly to lemmy)

Dave , 11 months ago

Just the ones people subscribe to.

I have an instance with over 600 users that has been up 6 weeks, and the storage grows every day. Database is 22GB and image cache + uploads is 30GB. In theory the cache should be cleared after a certain time, but I’m not aware of a configuration setting for this in Lemmy.

Dave , 11 months ago

Fun fact, if you change the setting in your account to not see bot posts then they go away :)

Dave , 11 months ago

Like the others say, there’s a downside as it blocks all content from accounts marked as bots by their creator. But on the website of your instance, clixk your name at the top right (or on mobile, hamburger button then click your name), then click Settings. The option is in there, and in my experience generally will sync through to any app you use. Your app may have a way to set this as well.

Dave , 11 months ago

To be safe I should download backups once a month or so.

Please do it more often if you have users other than yourself. One backup on the same server is barely a backup at all.

Dave , 11 months ago

Even just a cronjob or scheduled task to download the backups to a machine at another location would be a big improvement. Then you can do it far more often because it’s automated.

But personally I like to have both a copy on a PC and a cloud backup, in addition to the server.

Dave , 11 months ago

The page here explains getting a database dump on a running instance (and how to restore): join-lemmy.org/docs/…/backup_and_restore.html

Then just back up the other files in the volumes directory where Lemmy is installed (everything except postgres, which is what the database dump does).

The pictrs volume includes both the uploaded images and the image cache. I have no idea how to separate out the uploaded images so you don’t have to back up the cache, I just back it all up.

Dave , 11 months ago

Wasn’t there a twitter account that retweeted people posting photos of their credit cards?

Dave , 11 months ago

Let’s be fair, lemmy instances are having the same issues federating, especially getting posts from the big instances. I presume it’s a server load thing.

Dave , 11 months ago

There’s a nice page on the legalities of user content here: eff.org/…/user-generated-content-and-fediverse-le…

Dave , 11 months ago

It’s almost certainly fine. Emails are not shared to other instances.

However, when you go around the internet giving your email address to random sites, eventually you’re gonna hit the wrong site and at the very least end up with a bunch of spam or having your email sold to advertisers. It’s a good idea to use an email privacy service - basically when you sign up for things like newsletters or random sites you generate a new random email, then if anyone emails that email it gets forwarded to your actual email address. Some of the services even let you reply to the email and they make it look like you relied from the alias.

We’re on different instances and links can be funny at the moment so I’ll copy a recent post I did:

You don’t need to provide an email address to sign up at most of the big instances. I think lemmy.world is the exception. Even your instance lemmy.ca does not require an email address.

If you really want to provide one, you could use a service that does email forwarding. Some examples are simplelogin.io (owned by Proton Mail), and Firefox Relay (Owned by Mozilla, makers of the Firefox browser). These both have free tiers. There is also duckduckgo.com/email/ from the people who make the privacy focused search engine DuckDuckGo. That one I believe gives you unlimited new randomised email addresses for free. Very low attachment size limit but great for something like Lemmy.

You install an extension in your browser then you can generate emails whenever you need.

Personally I pay for Firefox Relay, which has a small free tier (I think 5 emails) but the paid version is $10 for a year which I think is worth it.

Dave , 11 months ago

I’m pretty sure editing the email removes the record. In general, editing updates the database with the new value while deleting things marks a record in the database as deleted (e.g. so a mod can un-delete something that was accidentally deleted by a mod). Editing the email adress to remove it should just clear that field in the database. Of course your instance will have backups, but they won’t keep them forever.

I don’t know when I lost my tech savvy, but it’s getting harder and harder to keep up with things these days.

Things are moving faster and faster these days! I’m not sure that anyone keeps up with everything new.

Speaking of which, does Lemmy remind anyone else of irc? The organized chaos has been giving me deja vu and I think I just realized why…

You’re not the first person to make that connection!

Dave , 11 months ago

The secret is that Lemmy is tracking karma, it just doesn’t show it. There are fields in the database that hold the total comment score and total post score.

Dave , 11 months ago

Being a mod doesn’t change anything. If the community is from your instance it will be accurate. If not, in the sidebar under the name of the community there is a link to visit the community on the site of the home instance. You can click that to see the community on it’s home site amd that will show the accurate count.

Subscriber count isn’t really that helpful though, better to look at the active user coints, which seem to be mostly accurate regardless of which instance you are viewing from.

Dave , 11 months ago

I’m not convinced it’s a federation issue, it seems more like it’s by design. After all, it does show you the active user counts. Presumably you could get the total subscribers count just by having an API call to the home community to ask for it.

Dave , 11 months ago

For me on my small instance, this YSK community shows 30ish subscribers but 2000 active users per month.

Dave , 11 months ago

At a high level you’ve pretty much nailed what is happening.

What if that user deletes their account or it’s banned?

Lemmy federates these to let other instances know. Check the mod log (link at bottom of every lemmy instance website) to see the record of this.

What if Instance A just…shuts down one day and never boots back up? You’ll end up with these ghost entries inflating numbers. It’s not an easy problem to work around

This is already an issue, but a solvable one. Currently some instances are blocking hundreds of other instances that used to exist but no longer do, because Lemmy keeps trying to contact them and when it fails it retries. It’s causing instances big performance issues.

But the solution probably isn’t that hard. Someone smarter than me can work it out but I imagine it working something like retry every 5 mins for an hour, every hour for a week, then don’t retry unyil you get a new request from that instance (e.g. for one of their users to subscribe to a community on your instance).

In fact, Mastodon is a lot more mature than Lemmy an I expect would have the same problem, so we can probably copy whatever their solution is.

Dave , 11 months ago

Don’t forget that the admin basically has all your info

What info? Lemmy is a public forum - anyone can see anything you post. Many Lemmy instances don’t even require an email address to sign up.

Dave , 11 months ago

At the very least they would get access to your IP address (assuming you aren’t ok a VPN/proxy)

A public IP address is (by definition) public. If you’re behind CG-NAT you don’t get your own public IP and if you have a public IP but not a static one then restarting your router will change it. I don’t think there are many cases where an instance knowing your public IP is an issue. Lemmy instances hotlink media from other instances so many different instances get your IP just from browsing Lemmy.

My main concern would be instance longevity

This is a different conversation but if your account is meaningful then this should be a real concern. A month ago there were about 80 instances, now there are nearly 1000. How many of those will still exist in a year?

Dave , 11 months ago

Possibly, but you don’t have to be an admin of the instance the user is on to get their IP if thats what you’re trying to do.

Dave , 11 months ago

You don’t need to provide an email address to sign up at most of the big instances. I think lemmy.world is the exception. Even your instance lemmy.ca does not require an email address.

If you really want to provide one, you could use a service that does email forwarding. Some examples are simplelogin.io (owned by Proton Mail), and Firefox Relay (Owned by Mozilla, makers of the Firefox browser). These both have free tiers. There is also duckduckgo.com/email/ from the people who make the privacy focused search engine DuckDuckGo. That one I believe gives you unlimited new randomised email addresses for free. Very low attachment size limit but great for something like Lemmy.