Fediverse

28691 readers

598 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Posts must be on topic.
Be respectful of others.
Cite the sources used for graphs and other statistics.
Follow the general Lemmy.world rules.

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 2 years ago

MODERATORS

[email protected]

Help me open source ClubsAll - need a senior security engineer to review code (lemmy.world)

submitted 2 months ago by [email protected] to c/[email protected]

3 comments fedilink hide all child comments

Hello everyone, We built clubsall, a frontend for federated content. Since the goal is to help build a reddit competitor, open sourcing is the logical next step.

However, without a review, I am afraid website could get hacked quickly.

Does someone with experience in scanning code for security issues or white hat hacking wants to help increase confidence so I can open source it?

top 3 comments

sorted by: hot top controversial new old

[–] [email protected] 1 points 2 months ago

Update on this request: A developer approached me and is not only helping me with review and fix security issues. We found quite concerning security issues, so I think the decision to have another person look at this was right one.

We discussed and found that we need to do following work

Redo backend/api so it is more robust, while doing that it will also become Lemmy API compatible
Fix client so it adapt to any API changes
Move from cloudflare workers to docker, so it can be self hosted
Move from D1 to postgres (D1 has 10GB limit, ClubsAll db is already 5GB), so it is scalable
Move production to a VM or k8s cluster so we can host our own DB, backend and frontend instead of CF workers

We have some work to do but will have a good product at the end of it. We will update further once we get this work done. Thanks to everyone to your thoughts and offers to help.

[–] [email protected] 0 points 2 months ago (1 children)

Why another reddit competitor? There is already Lemmy.

[–] [email protected] 1 points 2 months ago

Well there are in fact other options than Lemmy already, like Mbin and Piefed. This is good - more options means users have more choices and they all still interoperate so everyone can choose what they want without being separated.