Meta (lemm.ee) sunaurus • 2 months ago • 98%

# Hey folks! Unfortunately, roughly 2 hours ago, lemm.ee went offline. The cause was our load balancer: it suddenly decided that all of our servers had become unhealthy, despite all health checks responding successfully when I requested them directly. In such cases, the load balancer stops serving all requests, effectively meaning that lemm.ee is unreachable for all users. I am still not sure what exactly caused the issue, but I will try to investigate more over the weekend. For now, we have partially recovered, and I am continuing to work on remaining issues. Hopefully we will be back to 100% very soon. Sorry for the inconvenience!

Meta (lemm.ee) sunaurus • 3 months ago • 98%

# Hey folks! For anybody stumbling on this post from outside lemm.ee: I am the head admin of lemm.ee, a general purpose Lemmy instance, which recently turned 1 year old. I am writing this post to elaborate on how we approach defederation on lemm.ee. Anybody who has been on Lemmy for a while has most likely seen several public defederation drama posts (most recently regarding lemmy.ml, but there have been many many others previously). As an admin, I have probably seen far more than what is visible publicly, as I regularly receive private messages on the topic, ranging from polite questions about federation, to outright demands that I immediately defederate, and even to threats and personal attacks over the fact that I have not defederated some particular instance. It is definitely a topic that will keep coming up for as long as Lemmy exists, which is why I feel it would be useful to condense my current thoughts about it in a single place. Note that while I strongly believe everything this post contains, **it is definitely a subjective topic, and there is no single right answer here**. Other instances have completely different approaches to federation compared to lemm.ee, and that’s of course totally fine. The beauty of Lemmy is that everybody can choose their home instance, and in fact, everybody is free to spin up their own instance and run it however they feel is best. For an absurd example, if you want to create an instance which defederates any instance with an “L” in their name, then nobody can stop you! ### Quick intro to the lemm.ee federation policy Very shortly after creating lemm.ee, I wrote down a federation policy, which basically boils down to “we treat defederation as an absolute last resort, and we do not use it as a generic way to curate content for lemm.ee users”. This policy can always be found in the sidebar of the lemm.ee front page. In practice, this has meant that we have had extremely few defederations, and that we mostly solve problems with other means. I am very happy with the results, as it means that lemm.ee has become a great entry point into the Lemmy network, with very few artifical limitations on who our users are allowed to interact with. ### The benefits of federation I hope that this part of the post is very uncontroversial, but I firmly believe that **federation is the absolute strongest feature of Lemmy**. While we all know that the concept of federation can cause confusion for new users, this is usually overcome extremely quickly (for example, using the common e-mail providers analogy to explain Lemmy instances). To me, it’s completely clear that the benefits of federation far outweigh the downsides. For example, by splitting the Lemmy network between thousands of independent nodes, we ensure that: 1. Any single entity is not a single point of failure for the whole network. Even if the biggest instance goes down tomorrow, their content will still be accessible through all the other federated instances. 2. The maximum impact of admins is limited to their own instance. As a lemm.ee admin, I can ban a remote user from posting on lemm.ee, but I can’t completely ban them from the entire network. 3. Private user data (such as ip addresses, e-mails, etc) are never shared between instances. No single malicious instance can harvest user data for the entire network, and extremely privacy sensitive users can always spin up their own instance if they don’t want to put their trust in any existing admins. One thing which is probably important to note here is that I tend to view Lemmy instances as **infrastructure**, rather than as communities. I know that there are alternative approaches, as quite a few large instances are in fact run as mega-communities, but that’s not the approach I take with lemm.ee, because I feel like such an approach encourages centralization and negates some of the benefits of federation (if all communities related to one topic condense on a single instance, then that instance does effectively become a single point of failure for a large number of users). In general, I feel like it should be a goal to encourage and cultivate decentralizing the network through federation as much as is practical, in order to maximize the above benefits. ### The downsides of dedeferation Conversely, defederation has a lot of downsides. 1. **It obviously negates all the benefits of federation mentioned above.** Every time two instances defederate, the Lemmy network becomes less redundant, some communities become a bit more centralized, and the danger of malicious admins for those communities becomes much greater. 2. **There is a lot of collateral damage.** The most common reason I have personally seen for defederation demands is related to moderation of either a single user, or a handful of users. For example, a lemm.ee user gets into some heated arguments with people from an instance with hundreds of active users, and then links this heated thread to me as proof that the instance should be immediately defederated. However, in this situation, there are hundreds of other users who were not even involved (or even aware of) the thread in question. By defederating, I would be making a decision to cut off every single lemm.ee user from every single one of those hundreds of innocent remote users. 3. **Ironically, defederation actually makes moderation more difficult.** It was recently pointed out to me by a user on another instance that they are afraid they can’t effectively moderate communities on lemm.ee, because their instance has defederated several other instances, which means they would not be able to see posts from those instances on lemm.ee communities. 4. **It is extremely easy for malicious actors to abuse.** In the year I’ve been on Lemmy, I have already seen *two separate cases* of users creating accounts on another instance and posting garbage, and then going back to their home instance and demanding their admins defederate over the content they themselves created. Basically, if an instance is known to use defederation as a tool to punish misbehaving users on other instances, then it’s actually quite easy for users to manipulate the situation to a place where admins have no alternative except to defederate. It seems to me that a lot of users don’t think of such downsides when demanding defederation, or they just don’t consider them as important enough. In my opinion, these are all significant issues. **I do not want to end up in a fragmented Lemmy network, where users are required to have accounts on 5 different instances in order to be able to access all their communities.** ### What’s the alternative to defederation? Should Lemmy become some kind of unmoderated free speech abolutism platform? **I want to be very clear that I do NOT believe in unmoderated social networks**. Communities should always be free to set and enforce rules which foster healthy discussions. On top of that, instances should always be free to set and enforce rules for all of their users and communities. In the case of lemm.ee, we have some instance-wide rules, and we will enforce them on all lemm.ee users, as well as all remote users participating in communities hosted on lemm.ee. For example, we never want to offer a platform for bigotry, so we regularly issue permanent bans for users who want to abuse lemm.ee to spread such hate. **In practice, site bans have been extremely effective at getting rid of awful users, whether they are remote or local.** On top of site bans, **Lemmy admins also have the option of removing entire remote communities.** There are certainly cases where a community might be allowed on instance A, but not instance B - rather than defederating (and potentially cutting off a lot of innocent unrelated users), instance A can just “defederate” a single community. Finally, a lot of issues can be solved through simple communication between instance admins. Often having a discussion with another admin results in pretty clear alignment over whether some user is problematic, and the user will end up being banned on their home instance. Being one of the most openly federated large instances with such an approach, we have discovered several things: 1. If we were to defederate over every rule breaking user or community on the Lemmy network, we would not be federated with any of the large instances at this point 2. In the vast majority of cases, remote users who have broken lemm.ee rules have ended up banned on their home instance anyway - there is very little additional moderation workload for our admins from being widely federated 3. If a user truly wants to spread some kind of hate, defederation wouldn’t stop them anyway, as they will just create accounts on any instance which they want to “attack” The longer I run lemm.ee, the more sure I become that in the vast majority of cases of abusive users, the best approach is to simply hand out site bans. ### When is defederation the only option? Having said all of the above, I still believe that there a few cases when defederation is the best option: 1. When an instance is abusing the Lemmy network - generating spam, advertising, illegal content, etc - either deliberately, or through inactive admins (this has been the most common reason for lemm.ee to defederate any instance in the past) 2. When an instance is just causing too much moderation workload. So far, we haven’t experienced this yet on lemm.ee, but I can’t rule out that it could happen in the future. ### Conclusion I hope this post helps clarify my stance on defederation. Like I said in the beginning, I realize a lot of this is subjective, and there are no right or wrong answers - this is just the way we have been (and will be) doing things on lemm.ee. I intend to save this post and link it in the future when people bring up defederation requests. If you feel like I didn’t address something important, please feel free to raise it in the comments!

Meta (lemm.ee) sunaurus • 3 months ago • 98%

# Hey folks Just a heads up that I will be doing some minor database maintenance shortly. I expect the downtime to last <5 minutes. Have a nice day! Update: maintenance is complete!

Meta (lemm.ee) sunaurus • 3 months ago • 98%

# Hey, folks! Today, we can celebrate the first anniversary of the creation of lemm.ee! I thought it would be cool to write down how lemm.ee was born, as well as collect some stats about our first year. Here goes! ### A quick recap of the beginning of this instance As probably many others here, I discovered Lemmy early last summer. I had been aware of the Fediverse previously, and always thought it was an amazing concept, but I had never been super interested in Twitter-style social networks. When I found out that Lemmy combined all the great parts of federation with the best parts of link aggregation, I knew that I had to join immediately. As I was trying to find an instance to make my account on, I realized that most instances were struggling to keep up with a massive influx of new users. At the time, there was a big explosion in Lemmy user numbers, and the network wasn’t fully ready for it. I have some experience with building software for scale, so it felt natural to set up a new instance and try to help with spreading out the load. I got to work in the evening of the 8th of June, 2023, and I was actually so excited about everything, that I completely skipped sleep that night. By the morning of the 9th of June, lemm.ee was online. From the very beginning, I always intended for lemm.ee to be a welcoming, reliable, and stable gateway into the Lemmy network. I wrote [a welcome post on lemm.ee](https://lemm.ee/post/26), which most of you have probably seen, as well as [a comment on lemmy.ml inviting new users to lemm.ee](https://lemm.ee/post/593/2886) (lemmy.ml, as many instances, was extremely overloaded at the time). We started growing extremely quickly. Thousands of users joined lemm.ee over the first few months. Even during the biggest waves of new users, we never closed our sign-ups. The first month or two were definitely very stressful in terms of just trying to deal with the load, but overall, I think I managed to deal with it well enough, and lemm.ee has been running more or less smoothly (with a few exceptions) ever since. ### Some stats about the first year I promised to collect some statistics about lemm.ee so far. This is what I’ve come up with: #### Usage Overall, lemm.ee has 28,715 registered users. Of course, it’s easy to create an account, and most of these are probably inactive at this point, but it’s still a ridiculous amount. Of all the registered users, **7903 have made at least one post or comment**. 7373 users have never made any posts or comments, but have still been voting. This means that out of users who actually interact on lemm.ee, more than half generate content (through their comments and posts) - this is way more than I expected! Meanwhile, we also have 13,439 users who have never made a single comment, post or vote. I guess most of these are people who just signed up and never got into Lemmy, but I’m sure there are quite a few hardcore lurkers among this group as well. As for communities, our users have created 1430 of them. Most of these have not (yet) taken off, as **only 491 of these communities have at least one comment in them**. In general I am happy to see some great communities appearing on lemm.ee - my hope is that we can spread awesome communities out quite evenly on the network, so that in the end, no instance becomes a single point of failure for Lemmy. Judging by posts and comments made by lemm.ee users, I feel like we’re definitely on the right track: **our users have made 20,898 posts in local communities, and 30,847 posts in communities hosted on other instances**. The situation is even better for comments, where lemm.ee users have written 42,785 comments in local communities, and a whopping 569,730 comments on remote communities! **This means that lemm.ee is not just its own little closed pocket in the Fediverse, but indeed a proper gateway to the Lemmy network, which is exactly what I always hoped it would be.** *Note about comment and post counts: I realize the numbers above don’t match the stats about posts and comments on our front page, I’m guessing something is out of sync there, but the stats I am sharing here are based on actual fresh data, counted directly in our database today.* **Lemmy (and lemm.ee) would be quite useless without its users, so a big thanks to all of you for using lemm.ee!** #### Administration We have a really awesome volunteer admin team, with admins putting in countless hours of their free time to help weed out bad actors. A lot of the work our admins do is completely invisible to most users. I think the admin team does not really get enough recognition, and in fact in many cases, they actually get some undeserved abuse thrown at them. I am personally very grateful for everybody who has stepped up to be a part of the team, and I think all lemm.ee users benefit from their work every day. In the past year, **our admins have handled 12,329 reports from users**. While most reports aren’t too bad, and don’t require harsh action, there is still a significant amount of these reports which contain the absolute worst content which you can find on Lemmy - hate speech, bigotry, gore, even illegal content. Our admins are constantly going through every single report they receive, to ensure that mods are getting admin-level support where needed, and to ensure that malicious users in general can’t use lemm.ee to spread garbage into the Lemmy network. In terms of admin actions, I think the most interesting statistic might be **amount of users banned by lemm.ee admins, grouped by their home instance**. I will list the top 10 instances here: * kbin.social: 581 * lemm.ee: 355 * lemmy.world: 31 * sh.itjust.works: 29 * m.mxin.moe: 28 * discuss.tchncs.de: 26 * kbin.chat: 22 * mastodon.social: 19 * lemmy.ca: 18 * fedia.io: 16 As you can see, with the exception of kbin.social, the vast majority of our instance bans are for our own users. **Most of the big instances are actually very good at banning their own abusive users**, and once they are banned on their own instance, our admins don’t really need to worry about them, as they have no way to log in at that point. kbin.social is a bit of a special case - they either don’t give out a lot of bans, or those bans just don’t federate to Lemmy properly, and for some reason, a lot of advertisers sign up on that instance all the time. #### Financials I have received some questions every now and then about how much it costs to run lemm.ee. While you can always get a sense for the predicted monthly costs for the current month on https://status.lemm.ee, I thought I might include a full breakdown of our costs for the first year here. Here are all of our costs for the past year, grouped by service: * Postmark: **177.06€** * Cloudflare: **222.28€** * DigitalOcean: **1744.27€** * Hetzner: **510.20€** (lemm.ee migrated from DigitalOcean to Hetzner several months ago) * Backblaze: **3.78€** (we’ve been using Backblaze B2 for a few months now, it’s incredibly cheap) * Domain registration: **100.70€** (paid for the next 10 years!) #### We are currently completely funded by lemm.ee users! There is a small minority of users who are shouldering the entire cost of lemm.ee for all of us. I am extremely grateful that others find Lemmy useful enough that they have put their own money into ensuring financial stability for lemm.ee. We currently have 49 active sponsors on GitHub, and 7 active supporters on Ko-Fi. In addition, there have been 62 more sponsors on GitHub over the past year, as well as 49 additional supporters on Ko-Fi. This means that in total, **167 users have supported lemm.ee financially**. This has completely exceeded all my expectations, I really think it’s incredible. **A huge thanks on behalf of myself (and I think I can speak for all other lemm.ee users here as well) to all the supporters!** ### Conclusion Running lemm.ee has certainly been a rollercoaster in many ways. There are a lot more things which happened during the first year that I could write about here. On the other hand, this post is already quite long, and a lot of the things which happened are probably best forgotten about anyway, so I think I should wrap up here 😅. At its core, Lemmy is really an amazing piece of software. It’s helping real humans connect on the internet, without any corporate bullshit. I am very happy to be here with all of you, thank you for joining lemm.ee for its first year, and I hope you’ll join me here again when I write this post in another year from now!

Meta (lemm.ee) sunaurus • 4 months ago • 98%

# Hey all! ### Upcoming lemm.ee cakeday Can you believe that lemm.ee is almost 1 year old? In just a couple of weeks (specifically, on the **9th of June**), we will be able to celebrate our first instance cakeday. I am thinking of compiling some stats about how lemm.ee has been used in its first year, **if you have any specific stats in particular you would like to see, feel free to comment below**. I will try to accommodate any ideas as I start gathering this info! ### Infrastructure updates A few weeks ago, [I posted about plans to make some changes to our infrastructure in order to deal with different intermittent networking issues.](https://lemm.ee/post/31265777). It took a bit longer than I hoped (just did not manage to get enough free time between then and now), but I am happy to report that this work has now been completed! Additionally, I have decommissioned our stand-alone pict-rs server. **With the two changes mentioned above, I believe lemm.ee should now be much more resilient going forwad, and I expect a significantly lower rate of infrastructure-related issues for the rest of the year!** I'll leave a tehcnical overview about the problem & solution below for those interested, but if these details don't interest you, then you can safely skip the rest of this post. ---- For context, lemm.ee has been hosted on Hetzner servers for most of this year (having migrated from DigitalOcean initially), with everything except our database being hosted on the Hetzner Cloud side, and the database itself living on a powerful dedicated Hetzner server. This mix allows a great amount of flexibility for redeploying and horizontally scaling our application servers, while still allowing a really cost-effective way of hosting a quite resource-hungry database. In order to facilitate networking between the cloud servers and the dedicated database server (which live in different networks), Hetzner provides a service named "vSwitch". This service basically allows you to connect different servers together in a private network. Unfortunately, I discovered quite quickly that this service is very unreliable. During the short few months that we have been using the vSwitch, we have gone through one extended period of downtime (where the service was just completely broken for several hours), as well as dozens (if not hundreds at this point) intermittent disconnects, where servers randomly lose their connections over the vSwitch. After such a disconnect, the connection never recovers without manual intervetion. For most lemm.ee users, the majority of these vSwitch issues have been mostly invisible, as we have redundancy in our servers - if one server loses its connection to the database, other servers will take over the load. Additionally, I have generally been able to respond quite quickly to issues by redeploying the broken servers (or deploying other temporary workarounds). However, in addition to a huge amount of these issues which lemm.ee users hopefully haven't ever noticed, there have also been a few short periods of downtime this year so far, as well as a few cases of federation delays. These more extreme cases were generally caused by multiple servers losing their vSwitch connections at the same time. After several attempts to work around these issues, I decided that we need to migrate away from vSwitch. #### As of earlier today, lemm.ee is no longer using Hetzner's vSwitch at all! I finally found enough time earlier today to focus on this migration, and I was able to successfully complete it. None of our networking is relying on the vSwitch anymore. In the end, I went with quite a simple solution - I configured a host-level firewall (nftables) on our database dedicated server, which will deny all connections by default. Whenever any cloud servers are added/removed, their corresponding public IP addresses are added/removed in the allowlist of our database firewall. It would have been ideal to do this whole logic in Hetzner's own firewall, but that one unfortunately has a limit of only 10 rules per server, which is just not enough for our setup. #### Bonus: our pict-rs server has been decommissioned! Pict-rs is the software which Lemmy uses for everything related to media (image storage mostly). Initially, pict-rs required a local filesystem to store both files as well as metadata about files. Since the beginning, lemm.ee has used a dedicated server just for pict-rs, in order to ensure we could easily redeploy the rest of our servers without losing any images. Over the past year, pict-rs has gained the ability to store files in object storage, and metadata in a PostgreSQL database. This meant that the server running pict-rs itself no longer contained any of the important data, so it became possible to redeploy without losing any images. Additionally, this meant that it would be possible to run multiple pict-rs servers in parallel. While we had already migrated our pict-rs server to use object storage and PostgreSQL several months ago, we still had the single dedicated pict-rs server up until today. I have been planning for a while to decommission this server, and start running pict-rs directly on each one of our Lemmy application servers. Earlier today, I was able to complete this plan. This should hopefully mean that our pict-rs server is less likely to get overloaded, and it also means a tiny reduction in our overall monthly infrastructure bill (due to one less server running). With the above changes, I think our infrastructure has become more robust, and hopefully, we will experience less issues with images, federation, and general downtime going forward. ---- That's all from me for now. Feel free to leave any thoughts or questions in the comments, and as always, I hope you're having a great day!

Meta (lemm.ee) sunaurus • 4 months ago • 98%

# Hey folks! This is a quick notice about a change to our moderation policy. We have had a policy on lemm.ee for administration and federation nearly since the very beginning. This policy has also always included a section about moderator responsibilities. Today, we have made two changes to this policy: 1. The policy has been renamed to [Policy for administration, moderation, federation](https://lemm.ee/post/401063) - this is to make it clear that the policy is also relevant for mods 2. We have introduced a new responsibility for moderators, they must "Ensure that they only provide accurate and clear reasons for mod actions". The reason for the addition is that mod log actions federate out to other instances, and are more or less permanent (due to how Lemmy and federation works right now). This means that users do not really currently have any easy way to clarify or defend themselves against inaccurate accusations in the mod log. As always, I am very grateful to all mods for your efforts in building awesome communities on lemm.ee. I hope you can understand why this new policy is necessary - I do not want to make your lives more difficult, the goal is to just try and reduce any mod log related misunderstandings in the future. Thank you for reading and have a nice day!

Meta (lemm.ee) sunaurus • 5 months ago • 99%

# Hey folks! We unfortunately had about half an hour of unplanned downtime today. This was caused by an issue with our hosting provider. The issue is solved for now, and I am planning to make some changes to prevent similar issues in the future. Sorry for the inconvenience! ---- ### Technical details Our servers are communicating with our database over Hetzner's "vSwitch" service. Unfortunately, this service seems to be quite flaky - over the past few months, I have had to deal with the connection just dropping without recovering many times. Mostly this has not resulted in any noticeable downtime, as we have redundant servers, so even if one of them stops working, it won't affect lemm.ee users. However, in this instance, all of our API servers lost their connection to our database at the same time, which resulted in actual downtime. I have now decided to migrate our setup away from the vSwitch in the near future to hopefully stop these issues for good. Should be possible to do this migration without any downtime, I just need to set aside some time to actually create an alternative solution for us, most likely over the coming weekend. I will update this post once the migration is complete. Update: the migration is now complete! You can read more [here](https://lemm.ee/post/33023822).

# Hey folks! I've been steadily working through the [roadmap for lemmy-ui-next](https://next.lemm.ee/post/27522337) (which is a new alternative Lemmy frontend), and it's getting to a point where I think https://next.lemm.ee is becoming quite usable. I've been personally using it as my main Lemmy frontend for several weeks now, and I know there are a few other brave users doing the same, so at this point, I'm confident enough to ask the wider lemm.ee population to try it out and share some honest feedback. If you're at all interested in this project, **I would massively appreciate it if you could spend some time using https://next.lemm.ee and letting me know how you feel about it**. I'm interested to hear about things like: * are you running into any issues or bugs * are there any things that generally annoy you * are you missing any features * what would it take for lemmy-ui-next to become your preferred frontend * anything else that comes to mind Please keep in mind that this is still a work in progress - some features are planned but not implemented yet (see the roadmap linked above for more details), other features are half-finished and may be a bit buggy still! Any feedback would really help me out, so please don't hesitate to share!

Meta (lemm.ee) sunaurus • 5 months ago • 99%

# Hey folks This is just a quick heads up that I need to perform some maintenance & upgrades on our database server, which unfortunately will require downtime. I don't expect the downtime to last for longer than 2-3 minutes, but just wanted to give a heads up first so you know not to be concerned. That's all, hope you have a great week! Edit: maintenance complete!

Hello, world! Edit: first test edit!

# Milestone 1 complete! This is just a mini-announcement & celebration for the fact that I have completed the scope for the first milestone I set for myself in the [roadmap](https://lemm.ee/post/27522337). Of course, I am still planning to keep improving and tweaking things as I go, but in terms of the raw list of features, the work for milestone 1 is complete. I am now going to take a day or two to clean up the code and work on some performance optimizations, and then in the later half of the week, I will continue working towards milestone 2, starting with commenting features! If anybody is interested (and brave), please feel free to check it out at https://next.lemm.ee, and feel free to share any thoughts and feedback in the comments!

# Intro This project is an open source alternative frontend for Lemmy. It is built with [Next.js](https://nextjs.org/). * **Preview environment:** [next.lemm.ee](https://next.lemm.ee) * **Source code & issue tracker:** [GitHub](https://github.com/sunaurus/lemmy-ui-next) **Screenshots** (desktop & mobile)  ### Goals * Drop-in replacement for lemmy-ui * Minimalistic design, following in the footsteps of other timeless link aggregator UIs * Fast! * Super basic NextJS architecture, taking advantage of features like the app router & server actions ### Motivation The original [lemmy-ui](https://github.com/LemmyNet/lemmy-ui) has been extremely important for the growth of Lemmy, and the new [lemmy-ui-leptos](https://github.com/LemmyNet/lemmy-ui-leptos) also looks quite interesting. One issue with both of these is that they are built using quite obscure technologies (Inferno and Leptos). This project was created as an alternative for contributors who are already familiar with NextJs and want to use those skills on Lemmy. The beauty of open source is that anybody can build what they want, and all these alternative projects can happily coexist! You can read more in the original announcement post [here](https://lemm.ee/post/27356044). # Roadmap ✅ - Completed ### Milestone 1 - Lurk (✅ v0.1.0) Includes read-only functionality, more or less everything you need in order to be a lurker on Lemmy * Front page (✅ v0.1.0) * Single post page with comments (✅ v0.1.0) * Single comment thread page (✅ v0.1.0) * User profile (✅ v0.1.0) * Community page (✅ v0.1.0) * Communities list (✅ v0.1.0) * Inline expanding media (✅ v0.1.0) * Separate mobile layout for narrow screens (✅ v0.1.0) * Search page (✅ v0.1.0) * Federation page (✅ v0.1.0) * Full Lemmy markdown support (spoiler tags, custom emoji, etc) (✅ v0.1.0) * Blur NSFW content (✅ v0.1.0) ### Milestone 2 - Participate Features related to actually participating on Lemmy * Login page (✅ v0.1.0) * Sign-up page (✅ v0.9.0) * Forgot password page (✅ v0.5.0) * Vote functionality (✅ v0.1.0) * Post create/edit/delete (✅ v0.3.0) * Comment create/edit/delete (✅ v0.1.0) * Inbox (Replies, DMs, mentions) (✅ v0.8.0) * DM sending (✅ v0.6.0) * Post/comment sharing (✅ v0.2.1) * Post/comment saving (✅ v0.2.1) * Image uploads (✅ v0.10.0) * User settings page * User/instance/community blocking ### Milestone 3 - Moderate Features related to moderation & administration * Report posts/comment/DMs * Report inbox * Community create/edit/delete * Modlog * "Rap sheet" on user profiles * Mod toolbar on posts/comments * Instance settings for admins * Sign-up applications inbox ### Future ideas * GitHub actions pipeline * Complete instructions & examples for deployment on other instances * More themes/layouts? * More features for markdown editor (more formatting options, emoji picker, @mentions)

Meta (lemm.ee) sunaurus • 6 months ago • 98%

# Hello, friends! TL;DR: I am working on a new Lemmy frontend in nextJS. There is still much work to be done, but you can already have an early look at https://next.lemm.ee **First of all, quick note to lemm.ee users:** I am making this announcement post in !meta@lemm.ee, as this is also a notice that I will be hosting an alternative frontend (lemmy-ui-next) for the first time on lemm.ee. Going forward, I will post updates about lemmy-ui-next in a separate dedicated community: !lemmy_ui_next@lemm.ee. If you're interested in future updates, please subscribe there! ### What is lemmy-ui-next? Lemmy is generally accessed through some kind of frontend UI. By default, Lemmy provides its own web interface (lemmy-ui), which you can find on the front page of most Lemmy instances (including lemm.ee). There are also several other independent frontends, for both the web and different mobile platforms, which I'm sure many of you are familiar with. Lemmy-ui-next is a brand new alternative frontend, built from the ground up with modern and popular tooling - a framework known as NextJS. Lemmy-ui-next has (or aims to have) the following high-level features: * Open source (AGPL) * Drop-in replacement for lemmy-ui - same exact URL structure, so all existing links will continue working * Very plain & minimalistic UI, strongly inspired by other link aggregator sites (of course including the original lemmy-ui!) * Very basic and "typical" NextJS architecture, to encourage open source contributions * Fully functional even when JavaScript is disabled (but works better with JS enabled!) * Optimized data transfer between your browser and the server (filtering out only relevant data from the Lemmy API, caching, memoization) * Strong focus on privacy and security (all authentication with the Lemmy API is done through secure httpOnly cookies, user IP addresses are not leaked to external image hosts, etc) ### What is the current status of lemmy-ui-next? I have mentally split the initial work I want to complete into 3 milestones: 1. Lurk - All read-only features of Lemmy 2. Participate - Voting/posting/commenting/DMs/reports, etc 3. Moderate - Handling reports, creating & managing communities, etc **I am now nearing completion of the first milestone.** It's not 100% there yet, but you can already log in, browse, subscribe to communities and even vote. Some things may still look a bit wonky, and some features are still missing, but the core experience is getting there. In terms of code contributions, I would ask anybody who is interested in getting involved to contact me first before working on anything. I am not looking for PRs just yet - the code structure is still a bit loose, and I am redefining it as I add more stuff. I would ideally really like to complete the first 3 milestones before opening things up for external contributors. ### Who can use lemmy-ui-next? At the moment, it is only hosted on this instance, at https://next.lemm.ee. I do not yet have any formal instructions for running it on other instances, but generally speaking, it is a simple NextJS app - to deploy it, you just need to do: `npm install`, `npm run build` and `LEMMY_BACKEND=https://<your lemmy api here> npm run start`. ### Why not just improve lemmy-ui instead? Lemmy-ui is an extremely important and valuable project. There has been a significant amount of hard effort put into it so far, and nobody can refute that it is the frontend which has really carried Lemmy to this point. Unfortunately, there are some architectural problems with lemmy-ui (mostly related to how data is fetched and how sessions are stored in memory), all of which would require quite a significant rewrite to fix. Additionally, I think that the core technical solution used for lemmy-ui is just a bit too obscure, which has been an obstacle to my own contributions, as well as to contributions by others. If a rewrite is on the table anyway, then I believe a different technology is the best way forward. ### Why not work on lemmy-ui-leptos instead? Lemmy-ui-leptos is another rewrite of lemmy-ui, which is being lead by Lemmy maintainers. It is based around a Rust web framework called Leptos. I think this is really cool tech, and will be happy to host lemmy-ui-leptos on lemm.ee in the future as well. There are a two key reasons why I personally decided to start working on another alternative, though: * I have heard from several people on Lemmy that they feel like Leptos is a big barrier to entry in terms of them contributing * Even for myself personally, I am very comfortable (and think I can move very fast) when working on something like NextJS, but with Leptos, I think the learning curve would be quite big and I would get much less done with any time I invest into it My hope is that by providing a very vanilla alternative, I can provide an outlet for potential open source contributors who would like to work on Lemmy, but aren't prepared to do it with Leptos. ### Does this mean that lemm.ee will change in ways I don't like? First, let me be clear: lemm.ee will always host the default Lemmy frontend. This means lemmy-ui for now, and most likely lemmy-ui-leptos in the future. I am however considering the possibility of switching things around at some point in the future, so that lemmy-ui-next will be hosted directly on lemm.ee, and lemmy-ui will be accessible on a different subdomain (like ui.lemm.ee). **This would only happen once I have completed all 3 milestones for lemmy-ui-next**. The main reason I am considering this is that I feel like I will always be in the best position to offer technical support to users on the frontend which I am myself maintaining. **If you have any thoughts about this potential change, please let me know in the comments below!** ### That's about it for now! This is something I've been thinking of doing for a while now, and I'm very excited to finally get the ball rolling! If you have a chance, please feel free to check out what https://next.lemm.ee looks like so far, and please let me know if you have any thoughts or feedback!

Meta (lemm.ee) sunaurus • 6 months ago • 99%

# Hey This is just a quick heads up that our host, Hetzner, has been experiencing networking issues today, which has caused some downtime for lemm.ee. I have a workaround in place for now, so we should (fingers crossed) be recovering at the moment, but I am still waiting on the proper solution from Hetzner. You can track their issue here: https://status.hetzner.com/incident/9406c500-9c8b-48be-9591-a73691134096 Also, this is a good opportunity to remind everybody about https://status.lemm.ee - you can be sure that I will provide updates on that page as soon as I am aware of & dealing with any issues. I have been posting status updates for the current issue there as well. Sorry for the inconvenience and I hope you have an otherwise great day! UPDATE: Hetzner claims they have fixed the issue, but the problems have not been resolved for lemm.ee servers yet, so I am keeping my temporary workaround active for now. Will continue troubleshooting this tomorrow. UPDATE 2: Hetzner has now fixed their issue, and our network has been restored to its original optimized state.

Fediverse sunaurus • 6 months ago • 98%

# Hello! I am sunaurus, the head admin of lemm.ee. Ever since I created my instance, I have been following a lot of public and private discussion channels between different parties involved with Lemmy. As I’m sure many others have also noticed, the discussions in such channels sometimes get heated, and in fact recently, I feel like there has been a constant trend in these discussions towards a lot of demands, hostility, negativity, and a general lack of empathy between different participants in the Lemmy network. I am writing this post for a few reasons: 1. I would like add a bit of positivity by expressing my gratitude towards every single person who has helped improve Lemmy. 2. I want to speak up in defense of different people who have been receiving negativity lately. 3. There are a few false rumors spreading on Lemmy, which I would like to try and counteract with very simple evidence. 4. **I want to remind everybody that at the end of the day, all of us care about building and improving Lemmy**. We all have the same goal, and it’s too easy to lose sight of that. I will split up what I want to say in this post by different user groups - users, mods, admins and developers. I understand that many people belong to several (or even all) of these groups, but I just want to highlight the value of, and express my gratitude to each group separately. ### Users At the end of the day, Lemmy would not be worth anything without the users. Users bring Lemmy to life by posting great content, getting involved in discussions in comments, helping surface interesting content for others through voting and even keeping the platform clean through reports. **I am extremely thankful for all the users who have given me so much enjoyment on this platform.** I believe that users often get treated unfairly on Lemmy based on what instance they are participating from. I’m sure so many of you have noticed comments around Lemmy along the lines of “Oh, another user from <instance>, I’m going to completely ignore your stupid takes”. I’ve also many cases of people treating users as second-class citizen if they are not on the same instance - for example, I’ve seen users who are active and valuable participants in communities on another instance receive comments like “why are you participating in our discussions, go back to your own instance”. In my opinion this is completely counterproductive to the whole idea of federation. On a human level, I can understand it - you’re far more likely to notice or remember what instance somebody is posting from if you have a negative experience. As a result, as time goes by, people tend to develop negative views of each instance, despite potentially having had many positive interactions with other users of those same instances. **The message I want to put out here is that instances, especially bigger ones, are not monoliths - do not judge users based on what instance they are browsing Lemmy from, judge them by their actual words and actions.** ### Mods There are some excellent communities already on Lemmy, and these communities are all continuously being built up and maintained by mods. Mods put in huge amounts of their free time and energy in order to provide spaces for all Lemmy users. They form the first line of defense against bad actors, they keep communities alive and often receive no praise, only criticism. **I am very grateful to everybody who has dedicated time to building communities on Lemmy.** Users rarely notice the lengths mods go to in order to keep communities running smoothly - mods more often than not only get noticed when users disagree with some mod actions. I believe mods deserve a lot better than this. Constructive criticism can of course be useful to improve communities, but it must be balanced with empathy and kindness towards people who have been putting in effort to provide something for users. Remember that there is another human being reading your words when you start writing about the mods of any particular community. Users who are not happy with mods of a certain community always have the opportunity to start their own community and run it as they like. ### Admins Admins provide two main key functions for the network: 1. Taking care of the actual infrastructure of Lemmy 2. Working as a higher level defense against bad actors, in cases where mods are not enough I can tell from my own experience that being an admin of a bigger instance requires **constant** energy and attention. I don’t believe that there is a single medium-to-big instance where the admins have not put in hundreds (if not thousands) of hours of their free time, as well as in many cases, probably their own money. This is a service which admins provide for free, and it is necessary in order to keep the Lemmy network healthy. **I have endless respect for anybody who is willing to put themselves in the position of a Lemmy admin.** I have seen awful messages towards admins from all the other groups listed here, including other admins. These messages range from condescending and rude, to downright hateful. I have seen admins treated as useless and their work taken for granted. I have seen people getting frustrated with admins for not spending every waking minute on Lemmy. I have seen some users consistently spreading provably false rumors about particular admins in an effort to tarnish their reputation on Lemmy. **Before you take out frustration on admins, please remember that they are also humans who have been working tirelessly to improve Lemmy in their own way.** Also, a reminder: the absolute best feature of Lemmy is that users are free to pick their instance - and as a result, users are also free to pick their admins. Even more than that, users can always become their own admins by spinning up their own instance. Yes, this requires dedication, effort, and research, but that’s exactly my point. It’s not easy running an instance, and mistreating people who do this as a free service is completely unacceptable. ### Developers Lemmy development has been lead by a few key maintainers, with a massive amount of smaller contributors. The software is constantly being improved at a very good pace, and everybody is able to benefit from this effort at no cost whatsoever. **I am extremely grateful to everybody who has participated in the development of the Lemmy software, and other related software, as without you folks, none of us would even be here now.** There seems to be a huge amount of people with very little appreciation of the work that has gone into the software. I’m sure many of you have seen countless messages where people express that the devs should be doing **more** in one way or another. “They should work faster”, “they should prioritize this *obviously* most important feature”, “they should be available 24/7 to offer support”, etc. I just want to take a moment here and acknowledge what core maintainers have already done for Lemmy: * Years worth of work on the code itself * Offering support to the community and other admins * Reviewing literally **thousands** of pull requests on GitHub * Acting fast in stressful situations where the Lemmy network has been overloaded * Not abandoning the project in the face of constant hateful users * Sacrificing literally **hundreds of thousands of euros** in missed salaries which they could have been getting if they were working for a tech company instead of working on Lemmy I also want to take this moment to discredit some rumors which I have seen repeated too many times: 1. **Rumor: Lemmy devs do not accept outside code contributions** This is completely false - the maintainers are completely open to (and even constantly asking for) contributions. When somebody starts contributing, they will receive support and code reviews very quickly. I can tell you that I have experienced this myself several times, but that’s anecdotal, so let me also provide evidence: a. Contributors list for the Lemmy backend: https://github.com/LemmyNet/lemmy/graphs/contributors b. Contributors list for Lemmy UI: https://github.com/LemmyNet/lemmy-ui/graphs/contributors **Both of these lists include 100 different names, and that’s only because GitHub literally caps these pages to 100 users.** Actually, the amount of different contributors is even bigger. If Lemmy devs did not accept and encourage outside contributions, then there would be no way for these lists to be so big. 2. **Rumor: Lemmy devs work too slowly** This is an extremely entitled and frankly stupid claim. I try to keep on top of the changes made in the Lemmy repo, and let me tell you, the pace of improvement is very good. I very firmly believe that if the network started downgrading to Lemmy versions from ~8 months ago, the whole network would just collapse, as none of the instances could keep up with the current volume. That is to say, we have come an extremely long way since last summer alone. Let me provide some more evidence. Take a look at the Pulse page for the Lemmy backend on GitHub: https://github.com/LemmyNet/lemmy/pulse. As of writing this, Lemmy devs have merged 18 pull requests in the week leading up to this post - that’s an average of 2.5 merged PRs per day. This is **extremely good** for a project with a small underfunded team. 3. **Rumor: Lemmy devs do not prioritize the important issues** There are two sides to this. First of all, there are endless users who turn to the Lemmy devs with what they believe is the most important issue and should immediately be prioritized - the problem is that almost none of these endless users have the same view of what the most important issue actually is! In that sense, it’s literally impossible to please everybody, because everybody wants different things. On the other hand, even when Lemmy devs do prioritize things which some users have been desperately asking for, I have on several occasions seen a dismissive response along the lines of “too little too late”. Basically, the demands made are often unrealistic and impossible to meet. If you are somebody who feels like Lemmy devs are not doing enough, I would ask you to please take a step back, look at the actual contributions which they have made, and consider how you yourself would feel if after making such a massive contribution, you would still need to listen to countless strangers on the internet tell you how you’re not good enough in their opinion. ### Conclusion Lastly, I am very thankful to anybody who took the time to read to the end of this post. Again, my goal is to try and defuse some of the hostility, as well as to put out a message of gratitude and positivity. I am very interested in the success of Lemmy as a whole, and that is much easier to achieve and maintain if we all work together. Thank you, I hope you're doing well, and have a nice weekend!

Lemmy sunaurus • 7 months ago • 98%

The RFC PR is here: https://github.com/LemmyNet/rfcs/pull/6 Reposting RFC contents below: ------ - Feature Name: report-inboxes - Start Date: 2024-02-20 - RFC PR: [LemmyNet/rfcs#0000](https://github.com/LemmyNet/rfcs/pull/0000) - Lemmy Issue: [LemmyNet/lemmy#0000](https://github.com/LemmyNet/lemmy/issues/0000) # Summary Rather than combining all reports into a single report inbox, we should allow users to select whether they are reporting to mods or admins, and we should split reports into different inboxes based on that selection. # Motivation The current approach has some shortcomings: * Users are not currently able to bypass mods and report directly to admins - this may allow mods to conceal instance rule breaking in specific communities * Admins are not aware of community rules, so they may wish to take no action for most community rule breaking reports. However, if an admin resolves such a report, the relevant community mods most likely never see it. * Different instances may have different rules, but somebody resolving a report on one instance will resolve it for other instances as well, thus potentially resulting in missed reports. * Mods might take local action on a report and mark it as resolved even in cases where a user should be banned from the entire instance. In this case, admins are very unlikely to see the report. # Guide-level explanation ### When creating reports, users will be able to select if it's a mod report, or an admin report (or both)  **Note: labels on the sreenshot are illustrative, actual labels can be more user-friendy.** Maybe something like: * Breaks community rules (report sent to moderators) * Breaks instance rules (report sent to admins) ### Instead of the current single report inbox, there will be three different kinds of inboxes * Admin reports - show all reports sent to admins (only visible to admins) * Mod reports - show all reports sent to mods for any communities the user moderates (visible to admins in case they are explicit mods in any communities) * This is equivalent to the report view that mods currently have in Lemmy already * All reports - Shows a view of all (admin and mod) reports, only visible to admins * This is akin to the current 0.19.3 admin report view, and would allow admins to still keep an eye on mod actions on their instance if they wish The UI wouldn't need to change for mods, but for admins, there would be a new selection at the top of the reports page (the "mod reports" tab would only be visible if the admin is also a mod in any community):  ### Resolving reports should be more granular * Reports in the "admin reports" tab can only be manually resolved for admins of the local instance * To reduce overhead, **banning the reported user on the user's home instance + removing reported content should automatically resolve reports for remote admins as well**. * Reports in the "mod reports" tab should be manually resolved by relevant mods (including admins, if they are explicit mods in the relevant community). * To reduce overhead, **admins banning the reported user on the community instance OR the user's home instance + removing reported content should automatically resolve reports for mods as well** * Admins could still resolve reports in the "all reports" tab * If it's not an admin report, and not a mod report from a community the admin explicitly moderates, then there should be an additional warning/confirmation when resolving a report here. This is to prevent cases of admins accidentally preventing mods from moderating according to their own community rules. To further clarify automatic resolution of reports: in any case where there is no further action possible, the report should be automatically resolved. ### Mods should be able to escalate reports to admins This would generate a corresponding report in the admin inbox. # Reference-level explanation * In the UI, changes are needed for both reporting as well as the reports inbox views * In the database and API, we should split reports by intended audience * Federation needs to be changed as well in order to allow distinguishing the report target audience # Drawbacks It might make reporting slightly more confusing for end users - the mod/admin distinction might not be fully clear to all. # Rationale and alternatives Alternatively, we could make reporting **even more** granular. It would be possible to allow users to select only a specific instances admins as the intended report audience, for example. However, I think this has several downsides: * Makes the report UI even more confusing * Potentially takes away valuable information from other admins (imagine a user only reports CSAM to their own instances admins, while leaving the offending post authors home admins in the dark) # Prior art Most other social networks allow users to select whether they are reporting a violation of community rules, or site rules as whole. # Unresolved questions Does ActivityPub properly support splitting up reports like this? # Future possibilities In the future, it might be a nice addition to have some automation to always escalate to admins, even if they're submitted as mod reports, based on report keywords. For example, "CSAM", "Spam", etc.

Meta (lemm.ee) sunaurus • 7 months ago • 99%

# Hey folks Some of you may have noticed comments complaining about spam and lack of moderation within the past day or so. Maybe you've even noticed a few spam posts yourself (hopefully not too much, as we have automations in place on lemm.ee to remove the spam as soon as it is posted). I just wanted to write a quick post with some context about the attack, what we are doing about it, and how you can help. ### Context Allegedly, a group of kids in Japan have created a bot, which signs up on different Fediverse instances and posts spam into different communities. The spam generally consists of Japanese text and/or an image and/or a bunch of random @mentions into different communities. You can check a post on Mastodon with more information here: https://mastodon.de/@ErikUden/111940301222380638 ### What we are doing about it Many instances are actively working to limit this spam-wave, and lemm.ee is no different. Thankfully, we have not had to deal with any bot sign-ups on our instance (potentially as a result of different protections we have implemented for sign-ups), but we still suffer the effects of the spam, even if it's posted from other instances. To help us quickly eliminate most of the spam for lemm.ee users, I am continually tuning our [@adminbot](/u/adminbot@lemm.ee) to automatically detect and remove content posted in this current spam-wave. We cannot remove content from the wider Fediverse if it's not posted there by a lemm.ee user, so our automated removals won't help users on other instances, but we are at least improving the experience for our own users. For an example, you can compare how [/c/opensource@lemmy.ml](/c/opensource@lemmy.ml) currently looks like on lemm.ee, to how it looks like on this screenshot I took from another smaller instance:  ### How you can help **First and foremost, please continue reporting any spam you find, so that relevant mods and admins can deal with it.** I am very grateful to users who help us identify spam through reports, and your reports are precisely what allow me to implement automated content removal for more extreme spam-waves such as this current one. **Secondly, I am seeking for a few volunteers to grow the lemm.ee admin team.** I am purposely burying this at the bottom of the post, to hopefully pre-filter out some candidates who would want to join for the wrong reasons. If you have read until this point in the post, then I assume you are already quite interested in improving the experience on lemm.ee, so if you feel like you could contribute to the admin team, please read on. First, I will say a few words about who we are looking for, then I will describe what kind of tasks you would have as an admin, and finally, I will cover some significant downsides of joining the admin team. We are looking for folks who more or less match the following profile: * You have already been active on the Fediverse for several months (not necessarily on lemm.ee) * Previous mod experience would be a huge plus * You should feel a strong agreement with our basic instance rules and our [administration & federation policy](https://lemm.ee/post/401063) * You should be prepared to be exposed to some vile content through reports * You are OK with using Discord as the main method of admin communication (that is what we have settled on and will continue using for the foreseeable future) As volunteers, we don't expect admins to be available 24/7, but as our instance grows, I do think it would be quite important to achieve a state of pretty good timezone coverage with our admin team, so please only consider applying if you are already regularly active on Lemmy. As for what tasks admins are responsible are for: it's mostly covered in the administration policy post linked above. But in short, you should be prepared to regularly check the report queue, contact users with friendly messages to de-escalate conflicts, issue bans, remove content, and monitor the activity of @adminbot. Additionally, if you're interested in taking a more hands-on approach to any kind of community-building on lemm.ee, then this would be totally welcome as well, but not strictly considered a core responsibility for admins. Please note that the lemm.ee admin team has an absolute zero tolerance policy against any kind of abuse towards minority communities. If you do not share this mindset, then please do not consider applying. Finally, let me share some negative aspects about joining the admin team. I think this will probably reduce the amount of any potential candidates, but I still feel it's important to be honest and upfront about this: Through the report queue, you will regularly see absolutely vile content which you might otherwise never even notice on Lemmy. Many users come to Lemmy to spread hate, post disturbing images, etc, and in order to clean such content up for other users, mods and admins need to actually be exposed to this content in much larger amounts than regular users. Additionally, while Lemmy is constantly being improved by the developers, the moderation tools are still quite rough around the edges. Lemmy is not at 1.0 yet, and that will most likely become even more obvious to you as you work on admin tasks. Maybe this is the most important one: no matter what you do, there will always be people unhappy with how you apply our rules. I have seen countless comments complaining about lemm.ee admins specifically. I have been told by complete strangers that they hate me. I have seen many complaints about us moderating too harshly. I have seen complaints about us not moderating enough. I have seen users on Lemmy make up wild stories about our admin team, and share them as facts. There are of course plenty of supportive users, but the negative experiences tend to leave a much more lasting impression. If after reading all of the above, you are still motivated to help make lemm.ee a better place through offering your help in the admin team, please contact me on Discord (`@sunaurus`)! That's all from me for now. Thank you very much to anybody who went through this whole wall of text, and I hope you are all having a good weekend!

Meta (lemm.ee) sunaurus • 8 months ago • 97%

# Hey folks! Just a quick update: we now have a dedicated status page for lemm.ee. You can find it at [status.lemm.ee](https://status.lemm.ee). It currently contains three sections: 1. A web status section, which I will update manually to communicate issues about lemm.ee 2. A financial status section, which I will update monthly to give an overview of how we're doing financially 3. A federation section, which automatically checks the current federation status, both incoming and outgoing, between lemm.ee and other instances. By default it shows 3 large instances, but you can also search for any specific instance you are interested in. This status page is hosted completely separately from our main servers, so if there is any trouble with our servers, you can expect the status page to still be available! If you have any issues with this page, or any other thoughts, feel free to comment.

Meta (lemm.ee) sunaurus • 9 months ago • 99%

# Hey folks This is a heads up that I will be performing some maintenance and hardware upgrades on our database this Saturday. We are currently experiencing several spikes throughout the day which cause our database to become overloaded - this results in degraded performance for many users. The spikes are happening due to a combination of continued growth of the database, some expensive periodic scheduled tasks which Lemmy runs, and fluctuating traffic patterns. Some of this can be optimized on the code level in the future, but it seems that the best way to deal with it right now is to add some additional resources to our database server. I am intending to switch to slightly different hardware in this upgrade, and will be unable to make this switch without downtime, so unfortunately lemm.ee will be unavailable for the duration. As our database has grown quite a bit, cloning it will most likely take a few hours, so **I expect the downtime to last 2-3 hours**. Sorry for the inconvenience, I am hopeful that it will be worth it and that this upgrade will significantly reduce some of our recent long page load times! ------ # Edit: upgrade complete! I have now migrated the lemm.ee database from the original DigitalOcean managed database service to a dedicated server on Hetzner. As part of this migration, I have also moved all of our Lemmy servers from the DigitalOcean cloud to Hetzner's Cloud. I always want the servers to be as close as possible to the database, in order to keep latencies low. At the same time, I am very interested in having the ability to dynamically spin up and down servers as needed, so a cloud-type solution is really ideal for that. Fortunately, Hetzner allows connecting cloud servers to their dedicated servers through a private network, so we are able to take advantage of a powerful dedicated server for the database, while retaining the flexibility of the cloud approach for the rest of our servers. I'm really happy with the solution now. In terms of results, I am already seeing far better page load times and far less resource use on the new hardware, so I think the migration has been a success. I will keep monitoring things and tuning as necessary.

Meta (lemm.ee) sunaurus • 9 months ago • 99%

# Happy new year! Hi folks! I hope everybody had a good holiday period and I wish you all the best for 2024. I have some quick updates to share about lemm.ee: ### Image uploads Image uploads are now enabled for all lemm.ee users 4 weeks after account creation. The upload size limit is currently set to 500kb. The 4 week account age requirement is in place to discourage spam and abuse. It is of course not a fool-proof solution, but let's give it a go and see what the results are. **Please note that lemm.ee is not intended to be a image hosting service!** Feel free to upload avatars and banners for your profile and communities, but please be aware that we reserve the right to modify the upload limits going forward, as well as delete old images if storage costs become too high. For image posts and comments, it would still be preferable for you to use an external image hosting service. ### Federation delays Over the holidays, our outgoing federation workers began experiencing some significant delays. I have been working on this problem for the past few days, and **after updating to 0.19.1, applying some additional patches to the code, and changing our infrastructure a bit, I believe the issue has been resolved.** The good news is that now that we are on 0.19, problems such as this do not cause Lemmy to completely drop federated activities, as we now retain a persistent queue of federation activities for all linked instances. This means that after the issue was resolved, our federation workers started going through the backlog of likes, comments, and posts which you had made over the past several days, and sending these out to other instances. Essentially, all of your activities did end up reaching their target servers, just with some additional delay. One quick side-note here, while we are now federating your activities in real-time again to most big instances, there is still a bit of a backlog left on the lemm.ee -> lemmy.world federation (it is a few days behind). I expect this to also catch up by tomorrow. ### Performance The new persistent federation queue is still quite a new feature in Lemmy, so it's a bit rough around the edges - after resolving the federation issues, our federation workers started going through the queue at extreme speed, which caused intense additional load on our database. This was one of the reasons for some performance degradation many of you noticed over the past few days. Additionally, since updating to 0.19, there have been regular performance issues for many users. I have managed to solve a few of these by making some changes in our infrastructure, but I am also aware of a few more issues which I will continue to monitor and hopefully improve in the near future. Sorry for the inconvenience, I hope that the changes I have made so far will help make it a bit smoother already! That's all from me for now, as always, feel free to comment if you have any thoughts, and have a nice day!

Meta (lemm.ee) sunaurus • 9 months ago • 99%

# Hey folks! Lemmy 0.19 was released this week! It brings a bunch of [awesome new features](https://join-lemmy.org/news/2023-12-15_-_Lemmy_Release_v0.19.0_-_Instance_blocking,_Scaled_sort,_and_Federation_Queue), so I hope you are all willing to forgive some downtime in order to upgrade to this latest version. Unfortunately some migration will be necessary as part of this upgrade, so it might take a while, but I will try to keep it as short as possible. I hope you are all having a great holiday period, and I will see you soon in 0.19! ------ ## Edit: Update complete! Welcome to 0.19! Unfortunately, the upgrade took somewhat longer than usual, but I believe everything is in order now. As always, please let me know if you notice anything strange, and have fun!

Meta (lemm.ee) sunaurus • 1 year ago • 98%

# Hey folks! I made a [short post](https://lemm.ee/post/5839513) last night explaining why image uploads had been disabled. This was in the middle of the night for me, so I did not have time to go into a lot of detail, but I'm writing a more detailed post now to clear up where we are now and where we plan to go. ### What's the problem? As shared by the lemmy.world team, over the past few days, some people have been spamming one of their communities with CSAM images. Lemmy has been attacked in various ways before, but this is clearly on a whole new level of depravity, as it's first and foremost an attack on actual victims of child abuse, in addition to being an attack on the users and admins on Lemmy. ### What's the solution? I am putting together a plan, both for the short term and for the longer term, to combat and prevent such content from ever reaching lemm.ee servers. #### For the immediate future, I am taking the following steps: ##### 1) Image uploads are completely disabled for all users This is a drastic measure, and I am aware that it's the opposite of what many of our users have been hoping, but at the moment, we simply don't have the necessary tools to safely handle uploaded images. ##### 2) All images which have federated in from other instances will be deleted from our servers, without any exception At this point, we have millions of such images, and I am planning to just indiscriminately purge all of them. Posts from other instances will not be broken after the deletion, the deleted images will simply be loaded directly from other instances. ##### 3) I will apply a small patch to the Lemmy backend running on lemm.ee to prevent images from other instances from being downloaded to our servers Lemmy has always loaded some images directly from other servers, while saving other images locally to serve directly. I am eliminating the second option for the time being, forcing all images uploaded on external instances to always be loaded from those servers. **This will somewhat increase the amount of servers which users will fetch images from when opening lemm.ee, which certainly has downsides, but I believe this is preferable to opening up our servers to potentially illegal content.** #### For the longer term, I have some further ideas: ##### 4) Invite-based registrations I believe that one of the best ways to effectively combat spam and malicious users is to implement an invite system on Lemmy. I have wanted to work on such a system ever since I first set up this instance, but real life and other things have been getting in the way, so I haven't had a chance. However, with the current situation, I believe this feature is more important then ever, and I'm very hopeful I will be able to make time to work on it very soon. My idea would be to grant our users a few invites, which would replenish every month if used. An invite will be required to sign up on lemm.ee after that point. The system will keep track of the invite hierarchy, and in extreme cases (such as spambot sign-ups), inviters may be held responsible for rule breaking users they have invited. While this will certainly create a barrier of entry to signing up on lemm.ee, we are already one of the biggest instances, and I think at this point, such a barrier will do more good than harm. ##### 5) Account requirements for specific activities This is something that many admins and mods have been discussing for a while now, and I believe it would be an important feature for lemm.ee as well. Essentially, I would like to limit certain activities to users which meet specific requirements (maybe account age, amount of comments, etc). These activities might include things like image uploads, community creation, perhaps even private messages. This could in theory limit creation of new accounts just to break rules (or laws). ##### 6) Automated ML based NSFW scanning for all uploaded images I think it makes sense to apply automatic scanning on all images before we save them on our servers, and if it's flagged as NSFW, then we don't accept the upload. While machine learning is not 100% accurate and will produce false positives, I believe this is a trade-off that we simply need to accept at this point. Not only will this help against any potential CSAM, it will also help us better enforce our "no pornography" rule. **This would potentially also allow us to resume caching images from other instances, which will improve both performance and privacy on lemm.ee.** ---- With all of the above in place, I believe we will be able to re-enable image uploads with a much higher degree of safety. Of course, most of these ideas come with some significant downsides, but please keep in mind that users posting CSAM present an existential threat to Lemmy (in addition to just being absolutely morally disgusting and actively harmful to the victims of the abuse). If the choice is between having a Lemmy instance with some restrictions, or not having a Lemmy instance at all, then I think the restrictions are the better option. I also would appreciate your patience in this matter, as all of the long term plans require additional development, and while this is currently a high priority issue for all Lemmy admins, we are all still volunteers and do not have the freedom to dedicate huge amounts of hours to working on new features. ---- As always, your feedback and thoughts are appreciated, so please feel free to leave a comment if you disagree with any of the plans or if you have any suggestions on how to improve them.

Meta (lemm.ee) sunaurus • 1 year ago • 99%

Sorry for the short post, I'm not able to make it nice with full context at the moment, but I want to quickly get this announcement out to prevent confusion: Unfortunately, [people are uploading child sexual abuse images on some instances](https://lemm.ee/post/5802229) (apparently as a form of attack against Lemmy). I am taking some steps to prevent such content from making it onto lemm.ee servers. As one preventative measure, **I am disabling all image uploads on lemm.ee until further notice** - this is to ensure that lemm.ee can not be used as gateway to spread CSAM into the network. It will not possible to upload any new avatars or banners while this limit is in effect. I'm really sorry for the disruption, it's a necessary trade-off for now until we figure out the way forward.

Meta (lemm.ee) sunaurus • 1 year ago • 96%

# Hey folks I have been receiving a lot of messages every single day about federation with hexbear. Some of our users are vehemently against it, others are in full support. The conversation does not seem to be dying down, rather, the volume of messages I receive about it seems to be increasing, so I am opening this public space where we can openly discuss the topic. I am going to write a wall of text about my own thoughts on the situation, I’m sorry, but no tl;dr this time, and **I ask anybody participating in this thread to first read through this post before commenting.** Before I go any further, I want to be clear that for anybody who participates here, it is **required** to focus on the quality of your posts. That means: * Be kind to each other, even if you disagree * Use arguments rather than calling people names * Realize that this is a divisive topic, so your comments should be **even more thoughtful** than usual With that out of the way, there are a few things I want to cover. ### On defederation in general First of all, I am a firm believer that defederation must be reserved only for cases where all other methods have failed. **If defederation is used liberally, then a small group of malicious users can effectively completely shut down the federated network**, by simply creating the type of drama between instances which would inevitably result in defederation. In my view, federation is the biggest strength of Lemmy compared to any centralized discussion forum, so naturally I think maintaining federation by default is an important goal in general. I am also a believer in the value of deplatforming hateful content, but I think **defederation is not the best way to do this**. Banning individual users, banning communities and establishing a culture of mutual support between mods and admins of different instances should be the first line of defense against such content. There are some further steps that can be taken before defederation as well, but these are not really documented anywhere (in order to prevent circumvention). The point is: for myself, defederation is the absolute last resort, only to be used when it is completely clear that other methods are ineffective. Finally, I am wary of creating a false expectation among lemm.ee users that lemm.ee admins endorse all users and communities and content on instances we are federated with. Here at lemm.ee, we use a blocklist for federation, which means our default apporach is to federate with all new instances. We do not have the resources (manpower, skills and knowledge) necessary to pass judgement on all instances which exist out there, as a result, users on lemm.ee are expected to curate their own content to quite a high degree. **In addition to downvoting and/or reporting as necessary, individual lemm.ee users are also able to block specific users and communities, and the ability to block entire instances is coming very soon as well.** Having said all that, **in a situation where all other methods do indeed fail, defederation is not out of the question**. Making such a call is up to the discretion of lemm.ee admins, and doing it as a last resort is completely in line with our federation policy. ### Regarding hexbear Hexbear is an established Lemmy instance, focused on many flavors of leftism. They have quite a large userbase who are very active on Lemmy (often so active that they leave the impression brigading all popular Lemmy posts). One important thing to note is that while some forms of bigotry seem to be quite accepted by many hexbear users (but seemingly not by mods - more on that below), they at least are very protective of LGBT rights (and yes, I am quite certain that they are not just pretending to do this, as many users seem to believe). Additionally, while I have noticed quite high quality posts from hexbear users, there are also several users there who seem to really enjoy trolling and baiting (very reminiscent of 4chan-type “for the lulz” posting), and it’s important to note that this kind of posting is in general allowed on hexbear itself. The reason this whole topic is important to so many people right now (despite hexbear being a relatively old instance), is that hexbear only recently enabled federation. A combination of their volume of posts, their strong convictions, the excitement about federation, and the aforementioned trolling has made them very visible to almost all Lemmy users, and this has sparked discussions about the value of federation with hexbear on a lot of Lemmy instances. #### My own experience with hexbear I want to write down my own experience with interacting with hexbear users, mods, and admins over the past few days. I believe this experience will highlight why I am hesitant to advocate for immediate full defederation from hexbear at this point in time, and am for now still more in favor of taking action on a more individual user basis. Please read and see how you feel about the situation afterwards. ##### Background My first real contact with hexbear users was in the comments section of [a post in this meta community requesting defederation from hexbear](https://lemm.ee/post/4287105) by @glimpythegoblin@lemm.ee. That post is now locked, because several hexbear users very quickly started doing the aforementioned “for the lulz” type spamming of meme images in the comments (these are actually just emojis, but they are rendered as full-size images on all instances other than the source instance, due to a current Lemmy bug). I did not want to take further actions in that thread in general (for archival purposes), but I did take one action, which in retrospect was a mistake: I removed a comment which contained the hammer and sickle symbol. I ignorantly associated this symbolism with Kremlin propaganda, and the atrocities my own people suffered at the hands of the soviet union during the previous century. Many users (including hexbear users) correctly (and politely) pointed out to me in DMs that the symbol has a much broader use than just as the symbol of the USSR, and people elsewhere in the world may not associate it with the USSR at all. I am grateful for users who pointed this out to me without resorting to personal attacks. Let me be clear here: while I do not have anything against leftism or communist ideas in general (in fact in today’s world, I think discussion of such ideas is quite necessary), **Kremlin propaganda has no place on lemm.ee**. Any dehumanizing talking points of the Kremlin on lemm.ee are treated as any other bigotry, and if communist symbolism is used in context of Kremlin propaganda (that is the context in which I have been exposed to it throughout my whole life), then it will still be removed. But there is no blanket ban on communist symbolism in general on lemm.ee, and **discussing and advocating for leftist and communist topics (as distinct from the imperialist and dehumanizing policies of the Kremlin) is certainly allowed on lemm.ee.** ##### Hexbear user response Coming back to the events of the past few days: soon after my removal of the comment containing the symbol from the meta thread, two posts popped up on hexbear. One was focused on insulting and spreading lies about me personally. Another was focused on diminishing the horrors of the soviet occupation in my country. In the comments under both of these posts (and in a few other threads on hexbear), I noticed some seriously disturbing bigotry against my people. There were comments which reflected the anti-Estonian propaganda of the current Russian state, things like: * Suggesting that my people has no right to exist * Stating that my people (and other Baltic nations) are subhuman * Claiming that anybody critical of both nazi and soviet occupations is themselves a nazi and a holocaust denier I expect to hear such statements from the Russian state - here in Estonia, we are subjected to this and other kinds of bigotry constantly from Russian media - but to see it spread openly in non-Russian channels is extremely disturbing. Such bigotry is completely against lemm.ee rules in general. Additionally, my identity is public information, because I feel it’s important for the integrity of lemm.ee that I don’t hide behind anonymity. Considering this, I’m sure you can understand why I am very worried about my own safety when people leave comments in many unrelated threads (where my original posts are not even visible), baselessly calling me a nazi and a holocaust denier. *Note that the goal of this post is not to start a new debate in the comments about the the repressions of the soviet union in Estonia or other occupied territories, but if the topic interests any users, I can recommend the 2006 documentary The Singing Revolution ([imdb](https://www.imdb.com/title/tt0954008)). The trailer is a bit cheesy, but the actual film contains lots of historical footage from the soviet occupation, and also many interviews with people who experienced it, who share stories which are deeply familiar to all Estonians. If anybody is interested in further discussion, then I suggest making a post about it in the Estonian community here: !eesti@lemm.ee.* ##### Hexbear admin response After the above events had played out, I reached out to hexbear admins for clarification on their moderation policies and how they handle such cases. I was actually very happy with their response: 1. They immediately removed the personal attacks and dehumanizing comments containing Kremlin propaganda from Hexbear, and assured me that such content is always handled by mods 2. They told me that while there are all kinds of leftists on hexbear, Russian disinformation is generally either refuted in comments or removed by mods 3. They implemented some additional rules on hexbear to try and reduce the trolling experienced by many other instances, including ours: https://hexbear.net/post/352119 ##### My personal take-aways Let me play the devil’s advocate here and employ some “self-whataboutism”: among all users that have been banned on lemm.ee for bigotry, the majority were actually not users from other instances, and in fact people with lemm.ee accounts. If we judge any larger instance only by bigoted posts that some of its users make, then we might as well declare all instances as cesspools and close down Lemmy completely. I believe it’s far more useful to judge instances based on moderation in response to such content. **Just as we remove bigoted content from lemm.ee, I have also witnessed bigoted content being removed from hexbear.** At the same time, I am aware of some internal conflict between hexbear users over the more strict moderation they are now starting to employ, and I am definitely keeping an eye on that situation and how admins handle it. I am also still quite worried about the amount of distinct users on hexbear who have posted Kremlin propaganda. I so far don't have reason to believe that these users are employed by the Russian state, but the fact that they are spreading the same hateful content which can be seen on Russian television seems problematic to say the least, and it remains to be seen if moderators can truly keep up with such content. ### Where thing stand right now I am not convinced that we are currently at a point where the “last resort” of defederation is necessary. This is based on the presumption that our moderation workload at lemm.ee will not get out of hand just due to users from that particular instance. My current expectation is that as the excitement of federation calms down (and as new rules on hexbear go into effect), the currently relatively high volume of low effort trolling will be replaced by more thoughtful posts. If this is not the case then we will certainly need to re-evaluate things. Additionally, nothing is changing about our own rules regarding bigotry. Especially relevant in the context of Kremlin propaganda, I want to say that dehumanizing anybody is not allowed on lemm.ee (hopefully I do not have to spell it out, but this of course includes Ukrainians, LGBT folks, and others that the Kremlin despises), and action will be taken against any users who do this, regardless of what instance they are posting from. Finally, I am very interested to hear thoughts and responses from our own users. I am super grateful to anybody who actually took the time to read through this massive dump of my own thoughts, and I am very interested to get a proper understanding of how our users feel about what I’ve written here. Please share any thoughts in the comments.

Meta (lemm.ee) sunaurus • 1 year ago • 99%

# Hey all! I promised to write an update about our current financial situation. This post will list all the incomes and expenses for the past few months up until today. I will also try to give some estimates on future expenses. ---- ## Let's start with expenses **June** * 14.12€ - Outgoing e-mails * 222.28€ - Cloudflare Pro (1 year subscription, paid upfront) **July** * 94.32€ - Server infrastructure for June * 22.06€ - Outgoing e-mails **August** * 280.70€ - Server infrastructure for July * 13.84 - Outgoing e-mails #### Total expenses so far: 647.32€ ---- ## Next up: income **June** * 500€ - initial contribution by myself **July** * 174.66€ - Ko-Fi donations for June **August** * 247.64€ - Ko-Fi donations for July * 1358.95€ - GitHub sponsorships for June, July and August **(pending until the 22nd)** #### Total income so far: 922.30€ + 1358.95€ (pending) ---- ### Current balance: 274.98€ (cleared) + 1358.95€ (pending) ---- One more note regarding the donations: the bulk of the donation income is actually from early July. Initially in July, the split between one time and recurring donations was roughly 50%-50%, but at this point in August, most (over 90%) of income is generated by recurring donations. ---- Let me also try to answer a few potential questions: #### Why is the GitHub sponsorship income pending? I opened GitHub sponsorships in June. GitHub has a policy to initially hold all funds for a 60-day probation period to prevent abuse, so they have been holding all sponsorships for the past few months. As of today, we have passed the 60-day period, and I can see an update in my dashboard which says that all accumulated funds will be released on the 22nd (and any future funds will be paid out monthly after that). #### Will infrastructure costs keep increasing? I don't want to jinx it, but in fact I believe we have managed to stabilize costs for now. I expect August costs to be more or less similar to July. I don't have an exact figure here, because I am constantly scaling resources up to respond to spikes in traffic, and scaling down whenever I am able to optimize any slow parts of Lemmy. But on average I believe we won't be using more resources in August than we did in July. By the way, quick side note here: many developers have submitted several great optimization patches to Lemmy over the summer, and without this, it would be almost impossible to run Lemmy at its current scale. I'm 100% sure that if the whole network downgraded to 0.17.4 today, the network would just collapse. Having said that, there is still a long way to go with optimizations, with many known issues that still need to be solved. #### How long will our current funds last us? Assuming we don't need to massively scale up servers any time soon, **our current buffer will last us at least until the end of 2023, if not longer**. ---- ## I want to give a huge thanks to all sponsors and donors - as you can see from the numbers, you are having a huge effect on the financial viability of lemm.ee! We have certainly scaled past a point where I could financially support lemm.ee just on my own, so all lemm.ee users truly owe their gratitude to all sponsors for covering the costs of this platform. ---- As always, if anybody has any further questions or comments, please let me know!

Meta (lemm.ee) sunaurus • 1 year ago • 99%

# Hey folks! It's time for some lemm.ee updates! Feel free to skip ahead to whichever sections seem interesting to you. ## New bot rules The reception to [my previous meta post](https://lemm.ee/post/1847525) was very positive, so we are going ahead with the new bot rules on lemm.ee. The new rules have been added to our front page sidebar and **will be enforced by admins starting on the 1st of August**. The final version of the rules look like this: * All bot accounts must be explicitly marked as bots * Bots must not vote on any posts or comments * Bots must disclose their specified purpose in their profile * Bots must not be responsible for the majority of content in any community The goal for now is to limit bots to a support role. In other words, we have nothing against bots which are used to support running a community for real people, but we do not currently want to host communities which are completely filled with bot content on lemm.ee. It's definitely true that bot-only communities might provide valuable content, but we need to balance this value with how bots affect our feeds. If in the future the volume of organic user-created content on lemm.ee increases to a point where bots can't easily overwhelm the local feeds, then we may reconsider the last rule. I apologize again to any bot developers who have chosen lemm.ee as the home for your bot-driven communities, I hope you can find another instance without too much trouble. ## 0.18.3 update Last week, lemm.ee was updated to Lemmy version 0.18.3. We were previously already running a patched version of 0.18.2 which included many of the performance improvements that landed in .3, so the upgrade did not have as much of an effect on lemm.ee as it probably did on many other instances. In any case, we are now again running on a completely unmodified version of Lemmy, and will continue to do so until there are performance or security reasons to run a custom patch again. ## lemm.ee stance on hosting alternate Lemmy frontends In the past few months, a lot of alternate web UIs for Lemmy have started cropping up. I've checked out a few of these and I think a few look really cool! While such frontends generally provide ways to use them without being directly hosted on any specific instance, some instances have begun hosting such frontends on their own servers as well. I've also received a few dozen requests to host such frontends directly on lemm.ee. I would like to address these requests directly here. **For the time being, I am not planning to host any other frontends than the default lemmy-ui on lemm.ee.** There are several reasons for this. I am personally familiar with lemmy-ui code (to a reasonable extent). I know what it's doing overall, I know several of its pitfalls and I am able to quickly react in case of issues. As just one example, lemm.ee was the first instance in the world which fixed the weak script-src CSP in lemmy-ui that enabled the recent login session breach on some other instances - this is because I deployed the code on lemm.ee before I submitted a PR to the lemmy-ui repo with the fix. The above would not be true for alternative frontends. I don't have the capacity to go through the implementation details of additional projects at the moment, so I have no idea what the code would be doing in any third party UI. I have no way to guarantee that it's not malicious to begin with. Even if the code is not malicious, I would not be able to quickly apply patches if problems crop up. As a result of all this, I am not comfortable with hosting these third party frontends on lemm.ee for now. Note that this does not mean you're not able to use such frontends with lemm.ee - all the ones I've checked will work perfectly fine without being hosted on the same domain as the instance itself. But as with any 3rd party app, please be careful when using these frontends - by doing so, **you are effectively sharing your username and password with anybody who is developing and hosting them**. ## Personal note Some of you may have noticed that I have been a bit less active in the several Lemmy-related communication channels &amp; GitHub for the past week or so. The reason for this is that I've had two stressful things happen: earlier this month, I found extensive water damage in my house which is not covered by insurance. Even worse, shortly after this discovery, I received news that my current place of work, a startup, is shutting down at the end of August (mostly due to changed market conditions). As a result, I've been spending a fair bit of time trying to deal with the renovation of my house &amp; now am also spending additional time trying to figure out where I can land in terms of employment in order to keep putting food on the table. Nevertheless, I am hoping to get back to more Lemmy contributions soon. Sorry to use this space for selfish purposes, but I would like to take this chance to note that **if anybody is looking for a remote software engineer, I am currently open to new opportunities!** Just as a short overview about myself: * I've been working as a software engineer for over a decade, about 5 years in technical leadership roles * I have experience with end to end ownership of software platforms - everything from writing code to running it in production * I'm based in the EU but happy to work in either EU or US timezones * For the past few years, my main tech stack has been TypeScript (nodejs/react) + Postgres + Terraform, but I have extensive experience with a lot of other technologies and generally am quite adaptable * I have experience running platforms at considerably bigger scale than Lemmy I would of course happily go into much more details if you contact me directly, so if this is interesting to anybody then please feel free to reach out! **Also, please let me assure anybody who is worried: lemm.ee funding is not currently in jeopardy.** For the next couple of months, lemm.ee is not even dependant on a single cent of my own financial contributions, as community support has provided enough money already to give us a nice buffer. I am planning to write a summary of our financials in the next few weeks, please keep an eye on the meta community if you're interested in seeing this! That's all for now, thanks to anybody who has made it this far! As always, please feel free to leave comments below if you have any thoughts or questions.

Eesti (Estonia) sunaurus • 1 year ago • 100%

www.err.ee

Tallinnasse sõites peaks vist päästevesti kaasa võtma?

Meta (lemm.ee) sunaurus • 1 year ago • 98%

# Hey folks! ### Bots on lemm.ee There has been some discussion lately regarding bot accounts on lemm.ee. Many users have noticed that some of our feeds are dominated by bot posts. These bot posts are not super engaging - they generally don't generate any discussions. The most problematic bots are the ones which just repost large amounts of content from elsewhere. I have looked over a lot of user feedback on this issue, and also discussed the matter with other lemm.ee admins. **We feel that at this time, repost bots are not healthy for lemm.ee, so we are introducing some new rules to limit such bots.** To be clear, I have nothing against users who want to use bots to just help organize and run their communities. The problem is specifically with communities which are not just supported by bots, but actually overwhelmingly run by bots. #### Proposed new rules for bots The rules we are considering are as follows: * All bot accounts must be explicitly marked as bots (can be done through the API or on the user settings page) * Bots are not allowed to vote on any posts or comments * Bots should disclose their specified purpose in their profile description * Bots should not have a disruptive influence on a community * **Bots should not be responsible for the majority of content in any community** If you are a bot developer and you can already tell that your bot would be in violation of some of these rules, then I am very sorry to inconvenience you, but I would ask to please choose (or consider hosting!) another Lemmy instance for your bot. **These rules are not in effect yet, but if reception is positive, then we will start enforcing these rules from the 1st of August!** ##### Please share your feedback, both negative and positive, in the comments below! ### Lemmy programming stream For some unfortunate personal reasons, I will be having some extra free time in August. A silver lining to this is that I will most likely be able to use some of this free time to increase my contributions to Lemmy! I've had an idea for a while that a programming stream focused on Lemmy might help to bring in additional new contributors and generate additional interest in Lemmy, so today, I am planning to do an experimental programming stream, where I will first try to learn about, and then improve, the 2fa logic which is currently implemented in Lemmy. Some caveats: * I am not a streamer or an entertainer, so this might be an extremely boring stream * I am not some amazing superstar programmer, so I might make dumb mistakes or miss obvious things, please don't hold that against me 😅 If this sounds interesting to you, I am planning to do a 1 hour stream starting **right now** at https://twitch.tv/sunaurus. Feel free to jump in! If it's not a massive failure, then I will also upload a recording later on. **Edit: Stream is over, thanks to all who tuned in!**

Eesti (Estonia) sunaurus • 1 year ago • 100%

Pildid, mis meediast läbi on käinud, on väga uhked, aga ma ei suuda küll ette kujutada, et reaalselt midagi sellist Tartu kesklinna tekiks 😃

Meta (lemm.ee) sunaurus • 1 year ago • 99%

# Hey folks! I have deployed an unreleased Lemmy optimization on lemm.ee which **significantly** speeds up the query for loading posts. **So far, all seems good, but if you notice any issues with any of the post feeds, please let me know!** --- ### For more context: Over the past few days, I have noticed a serious degradation for front page load times for some users. I have been trying different optimizations without much success, until I found an idea by @phiresky@lemmy.world to make a relatively small change to the database query for loading posts. I implemented this idea and made a PR to Lemmy, you can check my PR here: https://github.com/LemmyNet/lemmy/pull/3653. Initial results seem amazing, my personal subscribed feed now loads extremely quickly, and I'm seeing from monitoring that load times should be improved for other lemm.ee users as well!

Meta (lemm.ee) sunaurus • 1 year ago • 97%

# Hey folks! I think I usually write too much, so I will try to keep it short and sweet this time. ### Discord I have created an official Discord server for lemm.ee! This is mostly intended as a back-up channel to share announcements with users - for example, if there is ever an incident and lemm.ee is offline, I can send updates about the situation in Discord. But feel free to join if you just want to chat with other lemm.ee users as well! You can join the Discord at this link: https://discord.gg/XM9nZwUn9K ### New admins Two new admins have been added to the team! @Matt_Glan@lemm.ee and @Aris@lemm.ee have stepped up and volunteered to help me take care of the report queue. I think having good admins is super important to ensure a pleasant experience for all users, so I'm super happy that we have users who were willing to share this responsibility with me. My hope is that adding a few more admins has helped ensure that I am less of a single point of failure for lemm.ee now. I am still considering maybe adding one or two more admins in the near future, but in terms of actual workload, I think the current team is already a pretty good size. Anyway, that's all I have for you for now - please join the Discord if that's something you're interested in, and please welcome our new admins! ---- Edit: @prefix@lemm.ee has been added as an admin as well! For now, I believe this is a good size for the team, we won't be adding any more admins in the near future. A big thanks to all who responded to the call for admins!

Lemmy sunaurus • 1 year ago • 96%

I think for a while leading up to the recent session stealing hack, there has been a massive amount of positivity from Lemmy users around all kinds of new Lemmy apps, frontends, and tools that have been popping up lately. Positivity is great, but please be aware that basically all of these things work by asking for **complete access** to your account. When you enter your Lemmy password into any third party tool, they are not just getting access to your session (which is what was stolen from some users during the recent hack), they also get the ability to generate more sessions in the future without your knowledge. This means that even if an admin resets all sessions and kicks all users out, anybody with your password can of course still take over your account! This isn't to say that any current Lemmy app developers are for sure out to get you, but at this point, it's quite clear that there are malicious folks out there. Creating a Lemmy app seems like a completely easy vector to attack users right now, considering how trusting everybody has been. **So please be careful about what code you run on your devices, and who you trust with your credentials!**

# UPDATE: The latest RC version of Lemmy-ui (0.18.2-rc.2) contains fixes for the issue, but if you believe you were vulnerable, you should still rotate your JWT secret after upgrading! Read below for instructions. Removing custom emoji is no longer necessary after upgrading. Original post follows: ---- This post is intended as a central place that admins can reference regarding the XSS incident from this morning. ### What happened? A couple of the bigger Lemmy instances had several user accounts compromised through stolen authentication cookies. Some of these cookies belonged to admins, these admin cookies were used to deface instances. Only users that opened pages with malicious content during the incident were vulnerable. The malicious content was possible due to a bug with rendering custom emojis. **Stolen cookies gave attackers access to all private messages and e-mail addresses of affected users.** ### Am I vulnerable? **If your instance has ANY custom emojis, you are vulnerable**. Note that it appears only local custom emojis are affected, so federated content with custom emojis from other instances should be safe. ### I had custom emojis on my instance, what should I do? This should be enough to mitigate now: 1. Remove custom emoji ``` DELETE FROM custom_emoji_keyword; DELETE FROM custom_emoji; ``` 2. Rotate your JWT secret (invalidates all current login sessions) ``` -- back up your secret first, just in case SELECT * FROM secret; -- generate a new secret UPDATE secret SET jwt_secret = gen_random_uuid(); ``` 3. Restart Lemmy server If you need help with any of this, you can reach out to me on Matrix (`@sunaurus:matrix.org`) or on Discord (`@sunaurus`) ### Legal If your instance was affected, you may have some legal obligations. Please check this comment for more info: https://lemmy.world/comment/1064402 ##### More context: https://github.com/LemmyNet/lemmy-ui/issues/1895 https://github.com/LemmyNet/lemmy-ui/pull/1897

Meta (lemm.ee) sunaurus • 1 year ago • 100%

Hey folks! So far, I have been the sole admin at lemm.ee. Most reports I receive don't really require any action from me - they are handled directly by moderators of the communities the reports originate from. Still, there is a chance that any reported post might contain content which would need to be purged from lemm.ee servers, so even reports that don't need any action should still be checked by an admin. The volume of incoming issues has been quite manageable so far, but I have noticed a steady increase in daily reports lately. Additionally, there is nobody covering the report queue while I am sleeping or otherwise unable to access my computer. I would like to ensure that there is a bit more redundancy in the admin team, so I am looking to potentially add one or two admins. Specifically, I am looking for somebody who would be willing to share the following responsibilities (copied from our [administration policy](https://lemm.ee/post/401063)): ##### Admins * Ensure that there are no communities on lemm.ee which break lemm.ee rules * Ban lemm.ee users who break our rules on other instances * Ban users who consistently break rules across multiple communities * Purge illegal content from lemm.ee Note: I am not looking for help with system administration work at this time, this is strictly about administration within Lemmy itself. ---- **Please be aware that being an admin is unfortunately quite a thankless job - if you're doing your job well, then most people won't even realize you're doing anything. OTOH, if you make mistakes, there will likely be many users calling you out in public.** The main motivation for joining the admin team would need to be a desire to help build and maintain this instance as a great home for yourself and others. If there is anybody who would be interested in helping out even despite the above disclaimer, please leave a comment with the following info: * On a typical day, during what hours are you active on lemm.ee (with timezone info) * Do you have any previous experience with moderation/administration * Are you in agreement with the current state of the [lemm.ee administration policy](https://lemm.ee/post/401063)

Meta (lemm.ee) sunaurus • 1 year ago • 87%

# Context There have been a lot of posts and comments recently about Facebook entering the fediverse, and how different instances will handle it. Many people have asked me to commit to pre-emptively defederating from Threads before they even implement ActivityPub. The [lemm.ee federation policy](https://lemm.ee/post/401063) states that it's not a goal for lemm.ee to curate content for our users, but we will certainly defederate any server which aims to systematically break our rules. I want to point out here that Facebook makes essentially all of its money from advertising, and lemm.ee has a no advertising rule - basically, Facebook has a built-in financial incentive to break our rules. ActivityPub has no protections against advertising, so it's likely we will end up having to eventually defederate from Threads just for this reason alone. However, I would still like to get a feel for how many people in our instance are actually excited for potential federation with Threads. While personally I feel that any theoretical pros are by far outweighed by cons, I do want to use this opportunity to see how much of the community disagrees with me. I am not intending to run this instance as a democracy (sorry if anybody is disappointed by that), but I would still like to have a clear picture of user feedback for potentially major decisions such as this one. This is why **I am asking every user who wants lemm.ee to federate with Facebook to please downvote this post**. ------ ### Here are some reasons why I personally believe that Threads will have a negative effect on the fediverse * As mentioned above, Facebook is completely driven by ad revenue. There is nothing stopping them from sending out ads as posts/comments with artificially inflated scores, which would ensure that their ads end up on the "all" page of federated servers. * Threads already has more users than all Lemmy instances combined. Even if their algorithms don't apply to the rest of the fediverse directly, they can still completely dictate what the "all" page will look like for all instances by simply controlling what their own users see and vote on. * Moderation does not seem to be a priority for Threads so far, meaning that they would create massive moderation workloads for smaller instances. * In general, Facebook has shown countless times that they don't have their users best interests in mind. They view users as something to exploit for revenue. There are probably ways they are already thinking about hurting the fediverse that we can't even imagine yet. ### By the way, we're not really in any rush today with our decision regarding federation * Threads does not have ActivityPub support yet today * Even if they add ActivityPub support, their UX is geared towards Mastodon-like usage - it seems unlikely that there would ever be proper interoperability between Threads and Lemmy * We don't really know **what** to defederate from - it's completely possible that "threads.net" will not be their ActivityPub domain at all. ------- So go ahead and downvote if you feel defederation would be a mistake, and feel free to share your thoughts in the comments! **It would be super helpful to me if folks who are in favor of federating with Threads could leave a comment explaining their reasoning.** ------ # Update: By now, it's clear that there is a group of users who are in favor of federating with Threads. The breakdown is like this (based on downvotes): * lemm.ee users: 136 in favor of federating with Threads * Others: 288 in favor of federating with Threads While it seems to be a minority, it's still quite a few users. There is no way to please all users in this situation - any decision I make will certainly inconvenience some of you, and I apologize for that. A big thanks to everybody who has shared opinions and arguments in comments so far. I think there are several well written comments that have been unfairly downvoted, but I have personally read all comments and tried to respond to several as well. I will keep reading them as they come in. ### The main facts I am working with right now are as follows: * The majority of lemm.ee users are strongly opposed to immediately federating with Threads * Facebook has a proven track record of exploiting users (and a built-in financial incentive to do so) * We currently lack proper federation/moderation tools to allow us to properly handle rule breaking content from Facebook ### Considering all of the above, I believe the initial approach for lemm.ee should be to defederate Threads, and then monitor the situation for a period of time to determine if federating with them in the future is a realistic option In order to federate with them, the following conditions would need to be fulfilled: * There needs to be actual interoperability between Threads and Lemmy * Threads needs to prove that they are not flooding instances with rule-breaking content (mainly ads and bigotry for lemm.ee) * There needs to be a mechanism to prevent feed manipulation by Threads algorithms (potentially this means discarding all incoming votes from Threads) Note: this is an initial list, subject to change as we learn more about Threads. **Again, I realize this approach won't please everybody, but I really believe it's the best approach on a whole for now.** Please feel free to keep adding comments and keep the discussion going if you think there is something I have not considered.

Meta (lemm.ee) sunaurus • 1 year ago • 96%

👋 to all the newcomers, let me know if you need any help getting settled in!

Meta (lemm.ee) sunaurus • 1 year ago • 100%

# Hey lemmings! I wanted to share a quick update about our recent performance issues and how I have addressed them. ## The last 24h have been a bit rough for lemm.ee. Last night, I spent some time [debugging federation issues with lemmy.world](https://lemm.ee/post/493966). We managed to significantly improve the situation - lemmy.world content is now reaching lemm.ee with a very high success rate - but this has had the effect of increasing incoming federation traffic on our servers significantly. Additionally, we have been seeing steadily increasing normal user traffic over the past week, which is awesome from a community standpoint, but of course means that our servers have to do more work to keep up with all the new people. To top things off, today there appeared a badly configured instance in the network, which was effectively launching a DoS attack against lemm.ee for several hours. Most likely it was unintentional, but unfortunately the end result was a sudden increase in our server load. **All these factors combined resulted in a really bad experience for most lemm.ee users today.** Page load times have consistently been spiking into as much as 10 seconds or more for the whole day:  In fact, a lot of page loads just timed out with errors. ## Fortunately, it seems I have managed to clear up the problems! I have put a bunch of mitigations in place, and after monitoring the situation for the past hour, it seems that **our performance issues have been resolved for now.** So hopefully, you can enjoy browsing lemm.ee again without it feeling like torture! Here are specific steps I took: * I have **doubled the hardware resources for our backend servers and database**. * I purchased a Cloudflare pro subscription for lemm.ee for 1 year. This took out a considerable chunk of my budget for lemm.ee, but in return it will allow me to analyze and optimize our cache usage to a far greater extent. I am already seeing vastly reduced load times for cacheable content (try opening https://lemm.ee a few times in a row as a logged out user - it should be blazing fast now!) * I have configured a rate limiter which will prevent future DoS from the specific method that was used against us today. Of course, all of the above is costly. Luckily, lemm.ee users have been very generous with donations in the month of June, and in fact a significant amount of donors have opted for monthly recurring contributions. This all gives me the confidence to increase our spending for now, and I am currently expecting to NOT increase my personal planned contribution of 150€/month, **as the increased costs so far are entirely being covered by donations**! #### Let me take this opportunity to thank the sponsors who made the upgrades possible! All lemm.ee users are now enjoying better performance thanks to you, I could not have done it without you awesome people. On a final note, I just want to say that I hope a lot of these issues can be solved by optimizations in Lemmy software itself in the future. I have been personally contributing several optimizations to the Lemmy codebase, and I know many others are focused on optimizations as well. Just throwing extra resources at the problem will probably not be a sustainable solution for very long 😅. But I am optimistic that we are moving in the right direction with the software changes, and we'll be enjoying reduced resource needs before long. That's all I wanted to share today, I wish you all a great weekend!