this post was submitted on 31 Jul 2023
520 points (98.9% liked)

Meta (lemm.ee)

3564 readers
1 users here now

lemm.ee Meta

This is a community for discussion about this particular Lemmy instance.

News and updates about lemm.ee will be posted here, so if that's something that interests you, make sure to subscribe!


Rules:


If you're a Discord user, you can also join our Discord server: https://discord.gg/XM9nZwUn9K

Discord is only a back-up channel, [email protected] will always be the main place for lemm.ee communications.


If you need help with anything, please post in !support instead.

founded 1 year ago
MODERATORS
 

Hey folks!

It's time for some lemm.ee updates! Feel free to skip ahead to whichever sections seem interesting to you.

New bot rules

The reception to my previous meta post was very positive, so we are going ahead with the new bot rules on lemm.ee. The new rules have been added to our front page sidebar and will be enforced by admins starting on the 1st of August.

The final version of the rules look like this:

  • All bot accounts must be explicitly marked as bots
  • Bots must not vote on any posts or comments
  • Bots must disclose their specified purpose in their profile
  • Bots must not be responsible for the majority of content in any community

The goal for now is to limit bots to a support role. In other words, we have nothing against bots which are used to support running a community for real people, but we do not currently want to host communities which are completely filled with bot content on lemm.ee.

It's definitely true that bot-only communities might provide valuable content, but we need to balance this value with how bots affect our feeds. If in the future the volume of organic user-created content on lemm.ee increases to a point where bots can't easily overwhelm the local feeds, then we may reconsider the last rule.

I apologize again to any bot developers who have chosen lemm.ee as the home for your bot-driven communities, I hope you can find another instance without too much trouble.

0.18.3 update

Last week, lemm.ee was updated to Lemmy version 0.18.3. We were previously already running a patched version of 0.18.2 which included many of the performance improvements that landed in .3, so the upgrade did not have as much of an effect on lemm.ee as it probably did on many other instances.

In any case, we are now again running on a completely unmodified version of Lemmy, and will continue to do so until there are performance or security reasons to run a custom patch again.

lemm.ee stance on hosting alternate Lemmy frontends

In the past few months, a lot of alternate web UIs for Lemmy have started cropping up. I've checked out a few of these and I think a few look really cool!

While such frontends generally provide ways to use them without being directly hosted on any specific instance, some instances have begun hosting such frontends on their own servers as well. I've also received a few dozen requests to host such frontends directly on lemm.ee. I would like to address these requests directly here.

For the time being, I am not planning to host any other frontends than the default lemmy-ui on lemm.ee. There are several reasons for this.

I am personally familiar with lemmy-ui code (to a reasonable extent). I know what it's doing overall, I know several of its pitfalls and I am able to quickly react in case of issues. As just one example, lemm.ee was the first instance in the world which fixed the weak script-src CSP in lemmy-ui that enabled the recent login session breach on some other instances - this is because I deployed the code on lemm.ee before I submitted a PR to the lemmy-ui repo with the fix.

The above would not be true for alternative frontends. I don't have the capacity to go through the implementation details of additional projects at the moment, so I have no idea what the code would be doing in any third party UI. I have no way to guarantee that it's not malicious to begin with. Even if the code is not malicious, I would not be able to quickly apply patches if problems crop up.

As a result of all this, I am not comfortable with hosting these third party frontends on lemm.ee for now. Note that this does not mean you're not able to use such frontends with lemm.ee - all the ones I've checked will work perfectly fine without being hosted on the same domain as the instance itself. But as with any 3rd party app, please be careful when using these frontends - by doing so, you are effectively sharing your username and password with anybody who is developing and hosting them.

Personal note

Some of you may have noticed that I have been a bit less active in the several Lemmy-related communication channels & GitHub for the past week or so. The reason for this is that I've had two stressful things happen: earlier this month, I found extensive water damage in my house which is not covered by insurance. Even worse, shortly after this discovery, I received news that my current place of work, a startup, is shutting down at the end of August (mostly due to changed market conditions).

As a result, I've been spending a fair bit of time trying to deal with the renovation of my house & now am also spending additional time trying to figure out where I can land in terms of employment in order to keep putting food on the table. Nevertheless, I am hoping to get back to more Lemmy contributions soon.

Sorry to use this space for selfish purposes, but I would like to take this chance to note that if anybody is looking for a remote software engineer, I am currently open to new opportunities! Just as a short overview about myself:

  • I've been working as a software engineer for over a decade, about 5 years in technical leadership roles
  • I have experience with end to end ownership of software platforms - everything from writing code to running it in production
  • I'm based in the EU but happy to work in either EU or US timezones
  • For the past few years, my main tech stack has been TypeScript (nodejs/react) + Postgres + Terraform, but I have extensive experience with a lot of other technologies and generally am quite adaptable
  • I have experience running platforms at considerably bigger scale than Lemmy

I would of course happily go into much more details if you contact me directly, so if this is interesting to anybody then please feel free to reach out!

Also, please let me assure anybody who is worried: lemm.ee funding is not currently in jeopardy. For the next couple of months, lemm.ee is not even dependant on a single cent of my own financial contributions, as community support has provided enough money already to give us a nice buffer. I am planning to write a summary of our financials in the next few weeks, please keep an eye on the meta community if you're interested in seeing this!

That's all for now, thanks to anybody who has made it this far! As always, please feel free to leave comments below if you have any thoughts or questions.

all 40 comments
sorted by: hot top controversial new old
[–] [email protected] 62 points 1 year ago

Sorry to hear about the bad news, wish you best of luck with the job search.

[–] [email protected] 43 points 1 year ago* (last edited 1 year ago) (2 children)

I understand your stance on the frontend question. I run a forum site, and it has several modifications, and every time I need to upgrade, there's an air of, "Okay, how difficult is this going to be? Do all of the mods support the new version? What if they don't? Is there another mod that will?" and so on. It turns every upgrade into something I need to set aside a bunch of time to do...just in case.

If I were you, I'd keep it as stock as possible, because it's just much easier to maintain that way.

Good luck on your job search and home repair!

[–] [email protected] 5 points 1 year ago

I wish everyone kept the stock look because it creates a stronger brand image. Differences always create confusion among new users.

[–] [email protected] 39 points 1 year ago

This seems like a good opportunity to point out that sunaurus pays for this instance out of pocket, and you can go to the GitHub sponsors page if you want to help financially support this instance!

[–] [email protected] 29 points 1 year ago

Thanks for this great instance

[–] [email protected] 28 points 1 year ago* (last edited 1 year ago)

As an author of one Lemmy front-end, I can confirm that you are potentially sharing your username and password. Unfortunately, there is no way for Lemmy front-end developers to, say, open a web socket to Lemmy instance and have you login through a web browser (which would be much prefered from security standpoint, but it is what it is).

Furthermore, from what I see, many of such front-ends store your password, instead of just the Bearer token. Unfortunately, from what I get, there is also no way of invalidating the Bearer tokens right now, so in the event of it getting stolen - you’re f***ed.

Now, couple of tips:

  • USE 2FA AUTHENTICATION. In the event of malicious app actually stealing your credentials, you are at least a little bit more protected by this layer.
  • Use password manager - do not use your banking password, please.
  • Only use trusted front-ends, and in the even of an app, only download versions from official sources maintained by the app author.
  • Make sure the instance you’re registered at has a valid HTTPS certificate.
[–] [email protected] 25 points 1 year ago* (last edited 1 year ago)

Give me a shout on the job hunting front. I work for a European conglomerate that has its own development arm. I've worked directly with their developers in the past, though I am in a different role.

I know they're looking for people, especially those who are good in Java, JS/TS and/or Golang.

[–] [email protected] 16 points 1 year ago

Wish you all the best with the job hunt!

[–] [email protected] 15 points 1 year ago

Thanks for being a wonderful steward for my adventures in Lemmy!

[–] [email protected] 14 points 1 year ago

Good luck mate. I'm certain with your skills you'll be in a different role in no time

[–] [email protected] 13 points 1 year ago

Sorry to hear about the bad news, hope you'll get better soon, best of luck!

[–] [email protected] 12 points 1 year ago

Thank you for everything! I have recently landed here after I heard you had lots of contributions to the Lemmy code and were using a load balancer for your servers.

Best of luck for your house damage and your job, I wish you the best 🤞

[–] [email protected] 12 points 1 year ago

Good luck my friend. Thanks for all you do

[–] [email protected] 12 points 1 year ago

Best of luck with the job hunt and thanks for all the hard work! Hopefully the water damage isn't too serious!

[–] [email protected] 12 points 1 year ago

Thanks for the update, and for all of your work. Hope things sort themselves out swiftly! ❤️

[–] [email protected] 9 points 1 year ago

Good luck landing a new job! My current place sucks and doesn't match your skillset, but when I switch I'll remember this post 📯

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago) (1 children)

From reading the post it seems my Community Link Fixer bot should be okay, correct?

Also my ChatGPT bot (it only works when someone mentions it directly)?

[–] [email protected] 5 points 1 year ago

Those bots are OK!

[–] [email protected] 6 points 1 year ago

No issue here on sticking with the standard Lemmy front end. I'm fine with that. Even if you hosted different front ends, I'd probably keep using the standard one. Also hope the best for you on the personal side.

[–] [email protected] 4 points 1 year ago

Good stuff, I think you have the right idea for the bots and the front end. Thank you for your hard work with everything so we can all enjoy lemmy!

[–] [email protected] 4 points 1 year ago (1 children)

In any case, we are now again running on a completely unmodified version of Lemmy, and will continue to do so until there are performance or security reasons to run a custom patch again.

Since the update, comment context links have not been working for me. This severely limits the ability to have a conversation with people, as sometimes you don't even see your previous comment, only the comment you're replying to.

The effect of this is different on different platforms. On the web version, context links don't work at all, only showing you the most recent comment. In Jerboa you see a few more comments, but they aren't in the correct tree order, and the link doesn't work to climb further up the tree.

[–] [email protected] 2 points 1 year ago

Same. It's been like that for a couple of days at least. I swear some replies are linking to a different comment thread as well.

This is a perfect reason imo to keep the frontend stock. Without being able to use the "vanilla" .ee I would have assumed the app UI i use sometimes is broken. Being able to see it on the web version I knew it was a Lemmy issue.

[–] [email protected] 2 points 1 year ago

I’ll kick in some extra money while I can. I’m also currently unemployed so I don’t have a ton, but this instance is invaluable to me.

[–] [email protected] 2 points 1 year ago

Thanks for all you've done to make Lemmy a great place to be! I hope someone snaps you up soon for new development products!

[–] [email protected] 2 points 1 year ago

@[email protected] Unfortunately, I don't see the Bulgarian language translations that I made on lemmy via weblate, these translations are visible in other instances that have been updated to 0.18.3, but not in lemm.ee.

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

By self-hosting, you make sure that you keep user data safe. But you are right about possible breaches.

[–] [email protected] 4 points 1 year ago

Even when self hosting, malicious code can still make external calls and ship user data elsewhere if so inclined. At the end of the day, it’s the users choice to share their credentials with a third party frontend and there are risks involved regardless of where it is hosted.

[–] [email protected] 1 points 1 year ago

I feel the employment hit. My company unceremoniously shut down, all of a sudden, last Tuesday, after almost 9 years there. Supposedly, we get severance and I have leads on new employment already.

Best of luck to you.

[–] [email protected] 1 points 1 year ago (1 children)

I've always wanted to write a bot, for no particular function but just to do it and learn what it takes. My preferred stack is Java and spring(boot) but I suppose I can extend to something else if I have to.

Does anyone know of any resources on how to learn? I figured I can play around and write something here on lemmy. Thanks!

[–] [email protected] 3 points 1 year ago (1 children)

Wow people exist that actually prefer Java and don’t just use it because they’re forced to?

[–] [email protected] 1 points 1 year ago

I originally was really bad at it, I mean embarrassingly bad. I got work because of C# (I somehow just got it) my job eventually switched to Java and it just eventually clicked. But yeah I actually enjoy it.

[–] [email protected] -1 points 1 year ago (2 children)

Honestly not using other UIs is a bummer

[–] [email protected] -1 points 1 year ago* (last edited 1 year ago) (1 children)

There's been an influx of right wing bots in the fediverse. Is there anything we can do to stop that?

[–] [email protected] 8 points 1 year ago (1 children)

A citation would be a start

[–] [email protected] 1 points 1 year ago (1 children)

Read the comments in political posts

[–] [email protected] 1 points 1 year ago

Right, so we're citationless