sunaurus

sunaurus , 5 days ago

Most actions federate, any exceptions which aren't federated yet are generally just there because the federation logic has not been implemented (but improvements are constantly being worked on).

Generally federating the modlog is mostly just there for informative purposes. As in, we can check what mod actions were taken on instance A through the modlog on instance B (and there is no mechanism in Lemmy for other instances to retroactively remove or hide federated modlog items, btw).

sunaurus , 5 days ago

Banning a local user from a local community does actually federate already

sunaurus , 5 days ago

Regarding your question:

Lemmy federation basically works by copying stuff from their source instance to all other federated instances. So if I write a comment on lemm.ee, other federated instances will get their own copy of my comment. They will also all know that the "authority" for this comment is lemm.ee.

If an admin on another instance decides to delete their local copy of my comment on lemm.ee, then they are always free to do so (for example, some instances might want to moderate more strictly), but any actions they take like this are limited to their own instance - for the rest of Lemmy, lemm.ee remains the authority for this comment, so individual remote instance admins taking actions won't have any effect on any other instances.

As for the original topic of modlog federation, basically it just boils down to this: just like with the comment example above, Lemmy instances also save a local copy of incoming federated mod logs. The Lemmy software does not yet have 100% coverage in terms of federating mod logs (for example, there are no federated logs yet for instance admins banning remote users), but this coverage has been increasing, and I expect this will eventually get to 100% (just needs more dev time really).

Also, if some instance admins try to tamper with their mod logs, then other instances can still see the real history, because there is no way for an instance admin to delete copies of their mod log from other instances.

sunaurus , 8 days ago

Big thanks to all maintainers and contributors!

sunaurus , 7 days ago

It's the first option in the dropdown:

https://lemm.ee/pictrs/image/330f378a-9655-4084-b38d-7b8dc38c4f11.webp

sunaurus , 2 months ago

You can check the federated/defederated instances for any instance on the /instances page. For example:

https://sh.itjust.works/instances

https://beehaw.org/instances

sunaurus , 2 months ago

I'm a simple man:

“What day is it?” asked Pooh.

“It’s today,” squeaked Piglet.

“My favorite day,” said Pooh.

sunaurus , 2 months ago

I've been a bit overloaded at work for the past week or so, haven't had a lot of time or energy for hobbies. Hopefully will be able to finish up some bigger topics this week so I can relax a bit. Really looking forward to the weekend.

Welcome to lemm.ee, /c/casualconversation!

sunaurus , 2 months ago

incorporated into the UI, rather than a piece of text in the post.

How would other instances (or other ActivityPub software) know about it if it's not a piece of text in the post?

sunaurus , 2 months ago

The built-in search feature is actually quite decent I find, is it not working well for you?

sunaurus , 2 months ago

Should work just fine for posts and comments as well, for example, here's a search result containing your comment

sunaurus , 2 months ago

That's true, it will only show content which has been federated to lemm.ee, so indeed if you want to search for more content than is available on your instance, you would need some additional tools for that.

sunaurus , 2 months ago

For context I use all of these daily: Linux (servers + handheld gaming), Windows (gaming), Mac OS (work & general purpose). I used one of the first iPhones around 2008, then exclusively Android for 10 years, and then back to iPhones.

Iphone users of Lemmy, people say not to trust you on tech insights.

IMO, these "people" with such takes are the only ones who shouldn't be trusted on tech insights here :P

sunaurus , 2 months ago

Awesome work!

Do you have an idea yet for the timeline of the 0.19.4 release?

sunaurus , 2 months ago

Obviously being instance-banned won’t prevent you from commenting on their posts, it just won’t get federated to that instance

I am actually working on fixing this right now, so that in the future, users would be prevented from commenting in this situation

sunaurus , 2 months ago

The sad fact is that some people keep constantly spreading false rumors about Lemmy devs not working on mod tools. Anybody can just take a few minutes and go through the past Lemmy updates in this community to see that moderation improvements are basically worked on constantly (and this is not some recent change either). But there are plenty of users who never bother to actually check this, and so the rumors keep spreading.

sunaurus , 2 months ago

Just a hunch, but is it possible you missed the --recursive flag when cloning the repo?

sunaurus , 2 months ago

This "ads as posts" thing was one of my two biggest concerns with Threads federation. I really hoped I would turn out to be wrong about it, but at the end of the day, both Facebook itself, as well as big social media influencers, rely on advertising for their profits. For anybody looking to avoid ads on Lemmy, it seems like direct federation with Threads is not a good idea currently. On lemm.ee, "no advertising" has been one of our 4 core instance rules from the start.

My other major concern was Threads having the ability to enforce their feed algorithms on federated instances through sheer number of votes on things they show in their feeds, but judging by what you're saying about the engagement, at least that concern has not materialized (at least yet).

sunaurus , 2 months ago

I think nearly all big Lemmy instances have in fact defederated, you can check this list: https://fedipact.veganism.social (filter by software: Lemmy)

sunaurus , 2 months ago

On 0.19.3, you can:

1. Limit the file upload size for local users through nginx configuration
2. Disable incoming federated images through Lemmy configuration: https://github.com/LemmyNet/lemmy/blob/main/config/defaults.hjson#L49 (set this to false)

sunaurus , 2 months ago (edited 2 months ago)

IMO, in practical terms, 3 key things should imapct instance choice:

1. Basic instance rules (including things like community creation policy, nsfw allowed, etc)
2. Federation policy
3. Instance infrastructure (hardware & how it's managed)

Content specialization really shouldn't matter IMO, because as long as the federation policy is OK for you, then you can participate in any communities, regardless of what instance they are on. In other words, even if you're super interested in french cinema, there is no need to centralize all users interested in this topic on a single french cinema instance. Thanks to federation, users from all instances (accounting for federation policy) should be able to become fully fledged participants in any french cinema communities.

Of the points I listed above, #1 and #2 are easier to include in an instance introduction, I'm not sure how to properly and reliably reflect #3 in any kind of overview. At the end of the day, I think most users tend to figure out their long-term home instance a while after they first join Lemmy, and quite often, it's not their original instance, so maybe it's not that important to emphasize the initial instance choice too much?

sunaurus , 2 months ago

I think community discovery can (and should) be improved for sure!

Currently it's true that you can use topic-centered instances for this, I do this myself as well, but I do think it has quite significant downsides in terms of creating pockets of centralization. For example, if you're a user who is ONLY interested in french cinema (or any specific topic) on Lemmy, and all of the related communities and other invested users are on a single instance, then for you, the experience is absolutely no different from any centralized platform - the french cinema instance admins have 100% control over your Lemmy experience.

sunaurus , 2 months ago

If I have several backends that more or less depend on each other anyway (for example: Lemmy + pict-rs), then I will create separate databases for them within a single postgres - reason being, if something bad happens to the database for one of them, then it affects the other one as well anyway, so there isn't much to gain from isolating the databases.

Conversely, for completely unrelated services, I will always set up separate postgres instances, for full isolation.

sunaurus , 3 months ago

I love the idea of Matrix, but I'm so done with Element on my phone telling me it is "Syncing..." for two minutes, only to end up with 1 new message in 1 channel... 😅

sunaurus , 3 months ago

Interesting project! Can you explain the vision a bit more - I understand that every instance can have their own version of an article, but how would a user know which version of an article is most relevant to them to read (and maybe even contribute to)?

sunaurus , 3 months ago

I think something is being lost in communication here. Nothing is being destroyed.

I keep seeing this disconnect, I think it needs to be emphasized: Lemmy maintainers have been focusing (and continue to focus on) safety and moderation improvements. Anybody can verify this by looking through PRs/commits/RFCs on GitHub.

I think I understand where the disconnect is coming from - there have been a few responses in some of these threads by Lemmy devs where they tell people to be less rude and demanding, and to contribute if they desperately want some feature. Perhaps as an observer, this sounds like "we do not care about mod tools" or whatever, but reality is just different.

Perhaps it would be useful to do a more in-depth post about all the stuff Lemmy devs have worked on and are currently working on? I mean things like:

• When purging a federated user, federate local community removals. (#4505)
• Mods and admins can comment in locked posts (fixes #4116) (#4488)
• When site banning a federated user, also remove their content from our local communities. (#4464)
• Store password reset token after email successfully sent (fixes #3757) (#4489)
• Require verified email to reset password (#4482)
• Correctly synchronize collection of community featured posts (fixes #3867) (#4475)
• Ignore expired bans in CommentReportView::read, just like in CommentReportQuery::list (#4457)
• Auto resolve reports on removing a comment or post. Fixes #4390 (#4402)
• ... the list goes on and on and on, these are just a very small and incomplete list of examples of already merged PRs which took me 30 seconds to quickly find on GitHub

I feel like there is this meme developing in Lemmy that maintainers are putting out a message of not caring about mod tools, which anybody with context will know is completely false, but I think most Lemmy users (and even many admins!) just don't have this context.

sunaurus , 3 months ago

I am very sad about the situation with Beehaw specifically.

I think it's a very unfortunate case where all parties have the best intentions of building something great with Lemmy, but through different circumstances, relations have soured and involved people no longer think they have a shared vision (which in my opinion is actually not true - I believe that Beehaws vision fits in very well with the direction Lemmy is going, especially with private communities being planned soon).

I am still hopeful that things can be improved, but we will see.

sunaurus , 3 months ago

Nice post, I enjoyed the storytelling. Glad it's all sorted now 😁

Btw, regarding this point:

All in all, this has been a fairly frustrating experience and I can’t imagine anyone who’s not doing IT Infrastructure as their day job being able to solve this. As helpful as the other lemmy admins were, they were relying a lot on me knowing my shit around Linux, networking, docker and postgresql at the same time. I had to do extended DB analysis, fork repositories, compile docker containers from scratch and deploy them ad-hoc etc. Someone who just wants to host a lemmy server would give up way earlier than this.

I think you're totally right, but at the same time, I think the collaborative troubleshooting that happened on Matrix (and has happened many times in the past for other issues) is pretty healthy, and not something that is always possible for other open source software.

sunaurus , 3 months ago

The core issue here is that there are too many things to do, and too few developers to do them. By the way, for a huge number of these things that need to be done, there is most likely at least one person who thinks it’s the absolute highest priority for Lemmy. Forking would not help fix this issue, it would only make it worse.

In other words: if you’re a Rust dev, you can just fix it in Lemmy anyway, so there is no benefit from forking. If you’re not a Rust dev, then after forking, you will have a new repo to create issues on, except you’ll have 0 devs to actually fix them.

sunaurus , 3 months ago

Sorry if you were just making a joke, my sarcasm detector is not really working anymore (/s at the end would help). But if not, this comment really perfectly captures the entitlement in open source.

Now imagine you spend months (or even years) of your free time to build something for people to use freely, and the result is that you get endless comments from random strangers, telling you that you work for them and that you need to respect and be grateful to them. I honestly am impressed that open source still exists at all at this point.

sunaurus , 3 months ago (edited 3 months ago)

I just want to add a counter-point to the argument that Lemmy devs are somehow opposed to contributions. In my experience, there has been no resistance to contributing any type of change (I have personally added niche features for running Lemmy in a distributed manner, optimizations, bug fixes, etc). In fact I would claim the complete opposite - I have received plenty of support and good code reviews from maintainers whenever I have wanted to contribute anything.

I think there is truth to the claim that Lemmy maintainers don’t have a lot of patience for people making demands and snarky comments, but that is very different from being opposed to contributions. Also, after running a big instance for a while now, I completely understand this lack of patience - when some of your users just keep being rude to you, it wears down your patience. It’s easy to patiently and kindly respond to the first 100 rude users, but at some point after that, it just becomes gradually more mentally exhausting, to the point where it’s basically impossible.

Even the example provided in the blog post: I don’t think snowe had bad intentions, but I do think they had clearly misinterpreted the situation with that issue, and their comments were needlessly condescending.

sunaurus , 3 months ago

On Lemmy 0.19.3, reports go to:

• Community mods
• Admins of the instance where the community is hosted
• Admins of the instance of the reported user
• Admins of the instance of the reporter

sunaurus , 3 months ago

It's not immediately clear from the title, so let me point out that they are talking about routers which are using default credentials and no automatic updates.

sunaurus , 3 months ago

Good luck with the upgrade!

sunaurus OP , 3 months ago (edited 3 months ago)

Thanks for the comment! I think I generally agree with your points, will try to incorporate them into the RFC soon.

While I don’t think admins should be removing things that were reported to the community, they should be able to remove things outside of reports (even without being a mod). Sometimes spam might get reported to the mods, but the admins need to take action. Could the ‘read only’ view add a little warning before action is taken?

To be clear, admins are always able to do that anyway, I'm not proposing any changes to this. I am only proposing to limit the actual "mark as resolved" action, in order to prevent admins from accidentally hiding reports from mods. But I think it makes sense to even not limit this completely, and rather just show a warning when an admin does it - I have updated the RFC.

Btw, for this one:

Sometimes spam might get reported to the mods, but the admins need to take action.

I think it will mostly be OK as long as we allow mods to escalate reports to admins. But still, maybe it is indeed necessary to allow admins to directly resolve mod reports (with an extra UI confirmation step) as well.

sunaurus OP , 3 months ago (edited 3 months ago)

Thanks for the thoughts!

Why not take this approach to simplify it then?

Yeah, the wording can be changed, I'm adding a note about it to the RFC

But I should be able to mark a report complete if I have dealt with it. Otherwise I’m just going to go to the post and sort it out anyway, so its just adding complexity.
Barriers/extra steps to administration is not the way forward here.

I think in this particular case, some barriers are crucial. At the very least, I think we need to have warnings/extra confirmations when an admin wants to resolve a mod report.

I mean, if an admin handles it to the point where mods can't take any further actions anyway (ban + content removal), then the report is automatically resolved already, so there is no need to manually resolve. OTOH, if an admin handles it in a way that a mod might still want to take additional action (for example, the admin just removes a comment), a mod might still want to take further action (for example, ban the offending user from their community), but if the admin marks the mod report as resolved, the mod will most likely end up never seeing it.

I am legally on the hook for content on my instance, not the moderators, and proposing changes that make it harder to be an admin is a touch annoying.

Btw, I don't think any admin actions should be made harder, I am only talking about adding barriers to resolving reports which are in mod inboxes, and when I say "resolving reports", I am literally just talking about marking the report as resolved (this shouldn't really be a common action for admins - it's akin to marking DMs as read for other users IMO). I don't want to limit admins in any way from banning/removing content/anything like that.

No. This is a step backwards in transparency and moderation efforts. Granularity and more options is not always a good thing. If you’ve ever had the misfortune of using Meta’s report functionality you’ll know how overly complex and frustrating their report system is to use with all their “granularity”.

Agreed, I think that's in line with why I proposed not going that path in the RFC as well.

To add: I would suggest thinking about expanding this to notify the user a report has been dealt with/resolved, optionally including rationale, because that feedback element can sometimes be lacking.

I think that would a good additional feature, but orthogonal to this particular RFC (I mean, neither feature depends on each other)

sunaurus OP , 3 months ago

I think separate report inboxes are needed for the report reasons approach as well. This RFC doesn't prevent having report reasons, rather I think it brings us closer to that goal.

sunaurus , 3 months ago

The nice thing about Lemmy is that you can always host your own instance, even if it's only for your own individual use. You can basically use your own instance as a proxy - other instances will not see how or from where you are connecting to your instance.

Large instances are being attacked almost constantly at this point in smaller and bigger ways. Almost all measures we implement to combat these attacks come with some trade-offs for the rest of the userbase.

sunaurus , 3 months ago (edited 3 months ago)

That particular instance was very recently the source of a lot of CSAM and spam, so that’d be why. A lot of instances recently upped their security to combat that.

Just to add some more context, there was an attacker recently who created accounts on several Lemmy instances and used those accounts to spread CSAM. On lemm.ee, this attacker created 4 accounts over a 24h period, but was not able to upload any CSAM to our servers due to our stricter upload rules (we require 4 week old accounts to upload any images at all), and all of the 4 accounts were removed very shortly after creation (most of them within an hour of signing up). The attacker gave up trying to use lemm.ee very quickly, and moved on to other instances.

I just wanted to share this context to illustrate that while indeed the different measures we implement to protect the instance can have a negative impact on legitimate users, I really believe that overall, they have a net positive effect. In addition to Cloudflare DDoS protection and image upload restrictions, we also have a separate content-based alerting layer on top of Lemmy, which allows our admins to quickly notice when something suspicious is going on. As another example, this alerting has allowed us to extremely efficiently deal with a current ongoing spam attack on the Fediverse, and I bet many lemm.ee users aren't even aware of this attack due to the quick content removal. We will continue to improve our defenses, and hopefully try to limit the impact on real users as much as possible, but some trade-offs are necessary here in order to protect the overall userbase.

sunaurus , 3 months ago

Also, there’s no way to report a user to their home instance so long as they don’t post anything in a community on their home instance.

This has been fixed in 0.19 thankfully. But for instances running older versions, what you said is still true.

sunaurus , 3 months ago

Or do you mean reports on content now go to the user’s home instance as well?

Yes, exactly.

sunaurus , 4 months ago

Important note, this feature is only available for US customers.

sunaurus , 4 months ago

Good luck with the update! One great thing about 0.19 is that it allows users to check federation status between instances, will be awesome to get that for lemmy.world as well.

sunaurus , 4 months ago

It's OK to post questions here:

Feel free to post and upvote questions beforehand in this post, as it will turn into the AMA tomorrow.

sunaurus , 4 months ago

I kind of get where you're coming from, but to me it sounds like you're looking for a different experience than what Lemmy is designed for. It seems you are more interested in aggergating all posts about specific topics (like "books"), and strongly limiting the effect of moderation (as nobody would have final say about how to moderate an entire topic). If I correctly understood the experience you're interested in, then for sure the design of Lemmy will not match that.

I don't think it's fair to describe this as a fatal flaw, though. Lemmy is not built around the idea of generic, "ownerless" topics, instead, it's built around communities with clear owners. We have decentralization at the admin and infrastructure level (as in, a single admin does not control the entire network), but this does not really mean we also need to have it at individual community level.

IMO it's totally fine that different people create different communities with extremely similar purposes. The entire internet as a whole also works like this - the internet itself is decentralized, but at the same time people can create different websites with very similar purposes (and even domains!), and it works out fine. For example, it's totally possible for there to exist a news.com, news.co.uk, news.ee, news.fi, etc. Imagine if whenever you navigated to news.fi with your browser, it would also automatically insert content from all the other news websites of all possible domains - it doesn't really seem like a useful feature, but that's kind of analogous to what you're suggesting for Lemmy at the moment.