Lemmy

For example, an instance may have blocked lemmy.world, but I can still see their communities in the search from lemmy.world. I'm not sure how to tell if they are blocked or not.

I tried what another user reported and it worked. I submitted a github issue as the security email seems to be unmonitored based on me trying to contact it (regarding a different issue) for over a week now.

Be careful about links you click in Lemmy, I guess.

cross-posted from: https://sh.itjust.works/post/774797

What is XSS?

Cross-site scripting (XSS) is an exploit where the attacker attaches code onto a legitimate website that will execute when the victim loads the website. That malicious code can be inserted in several ways. Most popularly, it is either added to the end of a url or posted directly onto a page that displays user-generated content. In more technical terms, cross-site scripting is a client-side code injection attack. https://www.cloudflare.com/learning/security/threats/cross-site-scripting/

Impact

One-click Lemmy account compromise by social engineering users to click your posts URL.

Reproduction

Lemmy does not properly sanitize URI's on posts leading to cross-site scripting. You can see this working in action by clicking the "link" attached to this post on the web client.

To recreate, simply create a new post with the URL field set to: javascript:alert(1)//

Patching

Adding filtering to block javascript: and data: URI's seems like the easiest approach.

Seemed pretty cool.

Do note, I don't control mlym.org, so, wouldn't recommend putting your credentials into it!

A few weeks ago Lemmy was buggy on computers and there were no good mobile clients out there, now on PC the site is pretty stable and fast, and there are now some pretty good iOS/Android clients too. Thanks to all the people who made this possible!

Is anyone seeing a ton of comment duplication on posts lately? I'm trying to figure out if this is a lemmy problem or a me problem.

I have a topic for which I could not find a matching community. I can see in the UI that it's possible, and probably easy, to create a new community.

What happens next? Will I be up to my neck in mod work or other commitments/responsibilities? What aspects do I need to consider before doing this?

Google searched worked really well for reddit if trying to find an answer to a technical question or the like. How well will this translate for Lemmy? I assume it would be a lot more difficult as the post could reside on any number of smaller instances.

First, I want to say how great it is to see success in a social media platform not owned by some giant cooperation. That said, right now we are at a turning point where we can still change the platform in major ways and I think we all have a shared interested in Lemmy becoming the best it could be.

Let's face it, Reddit had many problems even before the API changes. The toxic herd mentality, over and under moderation at the same time, small posts getting drowned out by already big ones and so much more. As you probably are already aware of, social media can quickly end in filter bubbles, extremization and bringing out the worst of the human psyche. These are not problems simply fixed by better moderation. Rather, these are problems resulting from the engagement driven design of most platforms (Post controversial statement -> many comments -> Post gets delivered to more people -> even more engagement -> ...) I want Lemmy to be a place that brings people together instead of dividing us apart.

Therefore, I wanna start a conversation on what design changes Lemmy should implement in the future to make sure the platform remains humane and everyone can engage in respectful conversations.

I think a good starting point are the recourses of the Center for Humane Technology, like their course on Foundations of Humane Technology

I'm looking forward to hearing your opinions and ideas on this :)

Looking at every post there are zero comments

I think @lemmy @lemmyworld might not get the support Mastodon got because Twitter is more seriously used by some people and needed an urgent alternative whereas Reddit is still primarily used for entertainment

Hello,

I lurk into some thematic instances very often, without being necessarily subscribed to all communities there, but this is a hard task to do as lemmy is right now: I need to know the instance as first, then I need to open it in another window... and finally, if I decide I want to subscribe to a community there I need to comeback to my own instance and look for the community to hit the join button.

I think it would be a nice addition to be able to bookmark instances and then browse their local feed by clicking there... a super extra bonus would be being able to subscribe to extra-communities from there.

I've been around the Internet for a while now to see people abuse forums. Per the GitHub repo, I see that EXIF data is already stripped from images, but I'm not seeing any mention of extra data detection on Lemmy.

If I was at home I'd test this myself, but it's extremely trivial to hide data in images. This is commonly used by less technical distributors of CSAM, as well as some malware, and should be looked out for if it isn't already.

cross-posted from: https://lemmy.ca/post/1041753

https://www.orion-hub.fr/videos/watch/94669043-097d-4e3d-8456-32d5639bd13c

https://www.youtube.com/watch?v=tsI1RF5pqH0

This is a feature request to implement reddit's 'best' sorting algorithm for comments.

Quoting the github issue creator academician:

Here is Reddit's original announcement post for the feature, written by Randall Munroe from XKCD, and here is an article about how the ranking algorithm works under the hood. Essentially, it uses a Wilson score interval based on the ratio of upvotes to downvotes.

TL;DR:

Top sorting has the problem that early comments usually stay on top because people are more likely to read the top comment and upvote it as opposed to reading new comments at the bottom.

Hot takes into account time and is very biased towards newer comments. I frequently see a much higher voted comment (with no downvotes) below a comment that was just posted a little later (maybe this can be tweaked a little though).

Best Doesn't take time into account at all. Instead we are trying to estimate how well received a comment might be in the future (its ratio of upvotes and downvotes), given the total number of upvotes and downvotes right now. This both allows the comments to be sorted by how much people upvoted (and downvoted) them but also allows new popular comments to rise quickly.

I hope this can be implemented soon. The code for the algorithm is already available in Rust or SQL, so it shouldn't be too much work.

cross-posted from: https://lemmy.world/post/1028827

This question may be moot but it's something I've been thinking about. I've only recently jumped into this brave new world so you'll have to forgive my ignorance.

I'm wondering if there's any etiquette or conventions for which instance a 'migrated' subreddit should be hosted on. More specifically, I'm thinking about the communities where the subject matter is more regional.

For example, if I use an account on a UK-based instance because that's local to me then it might not be optimal to create a community on the UK instance if the subject matter is US-centric. Would that ultimately lead to a worse experience for the majority of those community members that are based in North America?

The difference in speed for me connecting to something in the UK vs the US is basically negligible, but it's non-zero and potentially exacerbated for those that have slower or unstable internet connections. This may be particularly true while rapidly-expanding instances are a bit unstable anyway.

It's obviously up to the mods of each subreddit to decide what to do for their "official" migration. However, what I'm afraid of happening is:

1. A migrated subreddit is hosted on an instance which has a detrimental effect on the experience of a significant number of its users.
2. To combat this, former Reddit communities get splintered into multiple, region-based communities.

The latter wouldn't be so bad but one of the things that made Reddit so appealing to me was the differences in perspective from all walks of life that sparked discussion. That sense of being part of a diverse, active community might be lost if the overall Reddit migration is handled in a haphazardly way.

Does anyone have any thoughts on this? Am I worrying about a non-issue?

~Is~ ~it~ ~time~ ~to~ ~crack~ ~each~ ~other's~ ~heads~ ~open~ ~and~ ~feast~ ~on~ ~the~ ~goo~ ~inside?~

I think that the biggest issue with Reddit, Lemmy, link aggregators in general is someone has to post the links. I want people to determine the sorting of the links, I want the system to facilitate commenting and engagement, but if I have to use an RSS reader AND Lemmy to get news, I’ll just use the RSS reader.

So my idea is, an instance which has communities which themselves subscribe to RSS feeds which auto populate the community. People then can subscribe to this from their lemmy instances, cross post, upvote, etc. idk how rss feeds would be voted on or added, but it’s just a concept.

Any ideas? Interest?

I'm a simple man, number go up causes endorphin release.

I think this should be prioritized in order to help with the insane growth and associated costs of Rexxit.

It may not make sense for 100% of proceeds to go to Lemmy devs, but something like 70/30 or 60/40 split (in favor of the instance host) would be a great idea to help us support the scaling effort.

Edit: I guess I'll take my L. This seems to be a pretty unpopular take, and I understand why. We'll see where things end up in a few months when these suckers start getting actually big

According to the GitHub of Lemmy, the main reason the name Lemmy was chosen was because of Ian "Lemmy" Kilmister, the lead singer from MOTÖRHEAD. This is highly problematic and racist because Ian "Lemmy" Kilmister is an avid collector of Nazi paraphernalia. Social justice warriors and woke NPCs will tell you that you cannot separate the artist from the art, so LemmyNet, the unpaid mods, and woke Lemmy users are actually supporting Nazi ideology by choosing the name Lemmy due to MOTÖRHEAD's Ian "Lemmy" Kilmister. The racist name of this service will be a huge obstacle for it becoming mainstream.

Although this may not be a problem for the NPCs as they support the neo-Nazi group Azov Battalion, which is part of the National Guard of Ukraine. The founder of the Azov group is Andriy Biletsky who was said that Ukraine’s national purpose was to “lead the white races of the world in a final crusade … against Semite-led Untermenschen [inferior races]”.

Besides the blatant racism and anti-semitism of Lemmy, another reason why it will fail is the rampant censorship and defederation. Defederating keeps users in echo chambers and isolates them towards more extreme groups and ideas. Mastodon and Lemmy are home to jannies on steroids and haters of free-speech. Take a look at any modlog of a community and you will see many legitimate posts and comments removed often with no reason given. It doesn't make sense for Lemmy to be a "alternative" of Reddit if it has MORE censorship than Reddit. The unpaid mods of Lemmy must stop discriminating against people that are not establishment supporting social justice warriors.

If these serious issues are not addressed, Lemmy and other 'decentralized' networks have no hope of competing with Reddit any time soon.

TLDR:

• Lemmy must change its name because it is racist and problematic.
• The level of censorship has to decrease expeditiously

cross-posted from: https://eventfrontier.com/post/6196

I'm extremely excited to announce Echo for Lemmy. This is a project I've dedicated all of my free time to for the past little bit, and it has come such a long way. Although there is still a lot of work to do, I'm excited to share this alpha version and get feedback from the community.

Key Features:

• Intuitive, beautiful design
• Timeline that provides key information about posts
• Upvote, downvote, and comment on posts just by swiping
• Threaded comment support
• Blocking & Reporting support
• Support for every timeline sort option
• Share Extension to create posts from other apps
• And much more

Screenshots:

How to Join:

Please keep in mind that this is currently a closed alpha program. Things might not be perfect. Bugs exist. It's not feature complete. However, it's a great start, and after using it myself, I think it's ready to be shared with the community.

I truly believe in the community aspect of Lemmy and the Fediverse. Your feedback will help shape this application, and I'm excited to hear what you think.

If you would like to join the alpha program, please fill out this form, and I'll be sending out invites as soon as possible. I expect the first wave of invites to be sent out this week. Then be sure to subscribe to our Lemmy community to stay up to date on the latest news, ask questions, leave feedback, and more.

How to Report Feedback:

I will be compiling feedback from the following sources. Please feel free to use any of these to report feedback.

All constructive feedback is welcome. Please note, that nonconstructive feedback may result in removal from the alpha program.

• TestFlight Feedback System (take screenshot from your device & tap Done > Share Beta Feedback)
• Echo Lemmy Community
• Echo Mastodon Account

Mlmym is a new Lemmy app that replicates the old.reddit interface

https://mlmym.org/lemmy.ml/c/fediverse

[posted to @lemmy]

cross-posted from: https://lemmy.fmhy.ml/post/545045

Decentralization

Reddit is going downhill, Twitter is a mess, Youtube is making decisions that no one wants and Instagram/TikTok are creating algorithms to make you addicted to their content at the expense of your mental health. Before them there was myspace, digg, yahoo etc doing the exact same thing. The common thing is that the power on these platforms is 'centralized', meaning that a single company has the power to make any rule or change which the users will have to agree with if they want to continue using the platform.

'Decentralization' aims to return control to the people. Instead of one dominant entity governing the entire system, these platforms rely on smaller, user-operated nodes that communicate with one another. This way no single user or company has the power to make changes to the entire system, or to decide what is acceptable or not as each instance can have their own set of rules by which they run.

Federation

In simple terms, when two instances communicate and send data to each other, they are said to be 'federated'. An instance can thus federate with thousands of other instances to view and interact with the content hosted on them. You can even set up your own small personal instance and federate with every other instance to view data from the entire fediverse.

If an instance becomes unomoderated, hosts illegal content, has a bot problem or has just in general a vibe you don't agree with, an instance admin can 'defederate' from that instance, meaning you will no longer view posts from them nor can they view posts from you, effectively breaking any communication with them.

Fediverse

Fediverse, or 'federated universe' is the name given to the social media platforms that utilize this concept of federation and decentralization. While Lemmy and Mastodon are the most popular right now, there are many similar platforms. There is Peertube for example, which is a Youtube alternative, or Pixelfed, which is an instagram alternative. You can view a list of all such platforms on this site. Here's also a visual representation that might help.

Lemmy

Lemmy is the reddit alternative social media that is part of the fediverse. It works similar to reddit, in the sense that people can post stuff and other users can comment on these posts, higher upvoted posts rise to the top etc. The main difference is that communities (subreddits of lemmy) are hosted on different instances which can then all be viewed by a user from their home instance (provided they weren't defederated). So no single instance or admin has control over all communities, nor do the hosting costs skyrocket as ideally each instance will host some communities to balance the load.

Mastodon

The Twitter alternative and the first popular fediverse platform. it's pretty similar to Twitter so if you know how that works you pretty much know how Mastodon works too (apart from the decentralized aspect).

Kbin

While Lemmy and kbin are spoken of together nowadays, kbin is actually more of a hybrid between lemmy and mastodon. While you can use kbin just as a lemmy alternative with a different skin, it is also a microblogging site. This means that you can follow individual users, and people looking at your 'timeline' can even view posts you upvoted, similar to twitter.

Right now there is no way to interact with mastodon users through lemmy, but Kbin can view content from both. So it's upto you which kind of platform feels better to you.

Edit: Small correction but Mastodon can view lemmy content as well, so it's just lemmy who's unable to fetch mastodon content right now.

ActivityPub

ActivityPub is the protocol on which the entire fediverse runs. It provides a client to server API for creating, updating and deleting content, as well as a federated server to server API for delivering notifications and subscribing to content. All you need to know is that if a platform is part of the fediverse, then it must be using ActivityPub protocol.

FOSS

Free and Open Source Software. It's a more general term but thought it's relevant enough to be added since a lot of people might not have heard of it. FOSS applications are not only free but make their source code public, which means anyone can view exactly how each part of the site works and to check if nothing malicious is added. People can even modify this code to make changes and make the application better. Here's the source code for lemmy for anyone interested.

Aside from the terms I'll also try to answer some questions I've seen asked frequently:

Q: How is this entire thing monetized?

A: In short, donations. Decentralization helps by making the hosting costs manageable for a single instance, so donating even a little bit to your home instance can help them cover a large portion of their operating costs.

Q: What Instance should I join?

A: While I wish I could say join any one of them, in reality, each instance has a different set of rules and philosophy on which they operate. Some can be heavy in their moderation, trying to curate a very specific feed, while others are much more liberal, letting users have more free control. My advice to someone new would be to make an account on any instance just to get a feel for how everything works and if you like the concept of Lemmy. Once you've grasped how things work, then choose an instance to be your main home.

Q: Why do I see different amount of upvotes and comments on different instances?

A: If the comment is new, it can take some time to sync and be visible on other instances in general. However, remeber that you can't see upvotes and comments from users your instance has not federated with. So if your home instance has not federated with some instances, the upvotes and comments from users of that instance won't be visible to you.

Q: How do I discover new Communities to join?

A: I made a specific post just for this question.

Q: Are there any mobile apps for lemmy?

A: Yes, a lot of them infact. Here's a megathread that's being kept updated with all current apps.

These are the main points I thought a new user might find useful. If someone has anything they wish to be added, comment below and I'll update it with relevant information.