this post was submitted on 07 Jun 2024
119 points (98.4% liked)

Lemmy

12568 readers
26 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.

founded 4 years ago
MODERATORS
 

What is Lemmy?

Lemmy is a self-hosted social link aggregation and discussion platform. It is completely free and open, and not controlled by any company. This means that there is no advertising, tracking, or secret algorithms. Content is organized into communities, so it is easy to subscribe to topics that you are interested in, and ignore others. Voting is used to bring the most interesting items to the top.

Major Changes

This v0.19.4 release is a big one, with > 200 pull requests merged since v0.19.3. As such we can only give a general overview of the major changes in this post, and without going into detail. For more information, read the full changelogs at the bottom of this post.

Local Only Communities

Communities have a new visibility setting, which can be either Public (current behaviour) or LocalOnly. The latter means that the community won't federate, and can only be viewed by users who are logged in to the local instance. This can be useful for meta communities discussing moderation policies of the local instance, where outside users shouldn't be able to participate. It is also a first step towards implementing private communities. Local only communities still need more testing and should be considered experimental for now.

Image Proxying

There is a new config option called image_mode which provides a way to proxy external image links through the local instance. This prevents deanonymization attacks where an attacker uploads an image to his own server, embeds it in a Lemmy post and watches the IPs which load the image.

Instead if image_mode is set to ProxyAllImages, image urls are rewritten to be proxied through /api/v3/image_proxy. This can also improve performance and avoid overloading other websites. The setting works by rewriting links in new posts, comments and other places when they are inserted in the database. This means the setting has no effect on posts created before the setting was activated. And after disabling the setting, existing images will continue to be proxied. It should also be considered experimental.

Many thanks to @asonix for adding this functionality to pict-rs v0.5.

Post hiding

You can now hide a post as a dropdown option, and there is a new toggle to filter hidden posts in lemmy-ui. Apps can use the new show_hidden field on GetPosts to enable this.

Moderation enhancements

With the URL blocklist admins can prevent users from linking to specific sites.

Admins and mods can now view the report history and moderation history for a given post or comment.

The functionality to resolve reports automatically when a post is removed was previously broken and is now fixed. Additionally, reports for already removed items are now ignored.

The site.content_warning setting lets admins show a message to users before rendering any content. If it is active, nsfw posts can be viewed without login.

Mods and admins can now comment in locked posts.

Mods and admins can also use external tools such as LemmyAutomod for more advanced tools.

Media

There is a new functionality for users to list all images they have previously uploaded, and delete them if desired. It also allows admins to view and delete images hosted on the local instance.

When uploading a new avatar or banner, the old one is automatically deleted.

Instance admins should also checkout lemmy-thumbnail-cleaner which can delete thumbnails for old posts, and free significant amounts of storage.

Federation

Lemmy can now federate with Wordpress, Discourse and NodeBB. So far there was only minor testing and these projects are still under heavy development. If you encounter any issues federating with these platforms, open an issue either in the Lemmy repo or in the respective project's issue tracker. You can test it by fetching the following posts:

In order to improve interoperability with Mastodon and other microblogging platforms, Lemmy now automatically includes a hashtag with new posts. The hashtag is based on the community name, so posts to /c/lemmy will automatically have the hashtag #lemmy. This makes Lemmy posts much easier to discover.

Reliability and security of federation have been improved, and numerous bugs squashed. Signed fetch was broken and is fixed now.

Vote display user setting

There is now a user setting to change the way vote counts are displayed, called vote display mode.

You can specify which of the following vote data you'd like to see (or hide): Upvotes, Downvotes, Score, Upvote Percentage, or none of the above. The default (based on user feedback) is showing the upvotes + downvotes.

App developers will need to update their apps to support this setting.

RSS Feeds

RSS feeds now include post thumbnail and embedded images.

Security Audit

A security audit was recently performed on Lemmy. Big thanks to Radically Open Security for the generous funding, and to Sabrina Deibe and Joe Neeman for carrying out the audit. The focus was on federation logic, and discovered various problems in this area. Most of the problems are being mitigated as part of this release. Fortunately no critical security vulnerabilities were discovered.

This is already the third security audit of Lemmy, all organized by ROS. We're greatly indebted to them for their support.

Other Changes

Full Changelog

Upgrade instructions

Warning: This version requires both a Postgres and Pictrs version upgrade, which requires manual intervention.

Follow the upgrade instructions for ansible or docker.

If you need help with the upgrade, you can ask in our support forum or on the Matrix Chat.

Thanks to everyone

We'd like to thank our many contributors and users of Lemmy for coding, translating, testing, and helping find and fix bugs. We're glad many people find it useful and enjoyable enough to contribute.

Special thanks goes to Radically Open Security, @sleepless and @matc-pub for their work on lemmy-ui and lemmy-ui-leptos, @dullbananas for their help cleaning up the back-end, DB, and reviewing PRs, @phiresky for federation work, @MV-GH for their work on Jerboa and API suggestions, @asonix for developing pictrs, @ticoombs and @codyro for helping maintain lemmy-ansible, @kroese, @povoq, @flamingo-cant-draw, @aeharding, @Nothing4U, @db0, @MrKaplan, for helping with issues and troubleshooting, and too many more to count.

Support development

We (@dessalines and @nutomic) have been working full-time on Lemmy for over three years. This is largely thanks to support from NLnet foundation, as well as donations from individual users.

If you like using Lemmy, and want to make sure that we will always be available to work full time building it, consider donating to support its development. A recurring donation is the best way to ensure that open-source software like Lemmy can stay independent and alive, and helps us grow our little developer co-op to support more full-time developers.

top 18 comments
sorted by: hot top controversial new old
[–] Blaze@reddthat.com 16 points 5 months ago (1 children)

Special thanks goes to Radically Open Security, @sleepless and @matc-pub for their work on lemmy-ui and lemmy-ui-leptos, @dullbananas for their help cleaning up the back-end, DB, and reviewing PRs, @phiresky for federation work, @MV-GH for their work on Jerboa and API suggestions, @asonix for developing pictrs, @ticoombs and @codyro for helping maintain lemmy-ansible, @kroese, @povoq, @flamingo-cant-draw, @aeharding, @Nothing4U, @db0, @MrKaplan, for helping with issues and troubleshooting, and too many more to count.

Good job everyone!

[–] ChaosAD@lemmy.ml -4 points 5 months ago (3 children)

you have some nerve to try to do everything you can to boycott the software and then come here and say this.

[–] davel@lemmy.ml 10 points 5 months ago* (last edited 5 months ago) (1 children)

I’m not sure I would characterize what Blaze said in those posts that way, posts which weren’t theirs. Perhaps you’re shooting the messenger, or perhaps I’d need to re-read them.

This comment is pretty funny though:

LW is already much more active than lemmy.ml (18k monthly active users vs 2.5k: https://fedidb.org/software/lemmy/), so the system is working, people have left for a less politically biased instance

Apparently the neoliberalism of the imperial core is less politically biased 🤷 A real fish don’t know they’re in water moment.

[–] Blaze@reddthat.com 9 points 5 months ago* (last edited 5 months ago) (1 children)

Apparently the neoliberalism of the imperial core is less politically biased 🤷 A real fish don’t know they’re in water moment.

I'm really not the biggest fan of LW either: https://lemmy.ml/post/15002500

(Strangely enough, that version only has 7 comments vs 50 here: https://lemmy.blahaj.zone/post/11487804)

I'm always trying to pushing from LW to smaller communities (got another small argument about !movies@lemmy.world and !movies@lemm.ee recently).

I have also seen a few reports about LW having their own political bias, but I guess they were never as documented as they recent one about Lemmy.ml

[–] davel@lemmy.ml 6 points 5 months ago (1 children)

Yeah we’d also very much like to see no one instance dominating the Lemmyverse, our own in particular: What is lemmy.ml?

Lemmy.ml has always been a niche site, and it will most likely stay this way. We don’t have any intentions to turn it into a mainstream instance, or set a goal of getting as many users as possible.

[–] Blaze@reddthat.com 6 points 5 months ago

Indeed. Which is more or less already the case (LW communities dominating lemmy.ml ones).

The remaining ones are Linux and FOSS, but hopefully those will find alternatives too.

[–] Blaze@reddthat.com 9 points 5 months ago* (last edited 5 months ago)

I make a distinction between software development and server administration and moderation.

I have always been promoting lemmy as a platform, posting to plenty of communities, organizing some of them.

The management of the Lemmy.ml is something else, but isn't the idea of a federated network to be able to disagree on server management and still be connected?

And I've always been opposed to defederation from Lemmy.ml. If you are referring to the posts I created in the last few days about alternatives to Lemmy.ml communities, they were exactly that, alternatives. People have to freedom to use which ones they prefer.

Also, the sysadmin of my instance, Reddthat, was mentioned, so it was a good opportunity to shout out to them.

[–] Kalcifer@sh.itjust.works 5 points 5 months ago

Would you mind pointing out examples of them boycotting the software? From what I saw in their comment history, it was mostly them talking about moving away from centralization on lemmy.ml.

[–] ArrogantAnalyst@infosec.pub 11 points 5 months ago

Thank you everyone!

[–] HKayn@dormi.zone 9 points 5 months ago (2 children)

Congrats on the release!

How is lemmy-ui-leptos coming along? Curious to know when it might be ready for primetime.

[–] sleeplessone@lemmy.ml 9 points 5 months ago* (last edited 5 months ago)

It got stalled for awhile due to butting heads with a contributor who wanted to take the app in a direction that me and dessalines fundamentally disagreed with. At several points we overwrote each others' changes in PRs. After having a PR that got held up for months due to these arguments, dessalines and I decided to keep moving forward without waiting for his input. After spending some time setting up an end to end testing framework, I'm now moving at a noticeably faster pace. Compare the difference in time between the PR being opened and it being merged from the argument filled PR listed earlier and the most recent feature PR.

[–] Blaze@reddthat.com 5 points 5 months ago

Happy Lemmyversary, thank you for your work on your instance!

[–] Kalcifer@sh.itjust.works 8 points 5 months ago* (last edited 5 months ago) (1 children)

Local Only Communities

Local communities are an interesting concept, though I am concerned about unintended side effects. I have noticed many times that people from other instances chime in to meta-communities to provide some alternative viewpoints and context when instances are discussing interactions with the rest of the network. I worry that some will become too isolated/sheltered. But I suppose, in the end, that's ultimately up to the individual instances to decide.


Lemmy can now federate with Wordpress, Discourse and NodeBB.

Increased federation capabilities is always awesome to see!


In order to improve interoperability with Mastodon and other microblogging platforms, Lemmy now automatically includes a hashtag with new posts. The hashtag is based on the community name, so posts to /c/lemmy will automatically have the hashtag #lemmy. This makes Lemmy posts much easier to discover.

This is a clever solution. I think this is a good way to go about it.


RSS feeds now include post thumbnail and embedded images.Security

I really appreciate the continued attention given to keep RSS alive.


A security audit was recently performed on Lemmy.

Awesome! And congrats!


  • Added Community local_subscribers count
  • Support for custom post thumbnail
  • Indicate to user when they are banned from community
  • Added alt_text for image posts

Great features for improving the polish and user experience on Lemmy!

[–] Blaze@reddthat.com 6 points 5 months ago (1 children)

Local communities are an interesting concept, though I am concerned about unintended side effects. I have noticed many times that people from other instances chime in to meta-communities to provide some alternative viewpoints and context when instances are discussing interactions with the rest of the network. I worry that some will become too isolated/sheltered. But I suppose, in the end, that’s ultimately up to the individual instances to decide.

Probably interesting for communities where people can express themselves a bit more openly. I'm very aware to not doxx myself knowing that everyone and their grandma can run an instance and parse all of my comments

Also safer spaces for groups targeted by bigots

[–] deweydecibel@lemmy.world 2 points 5 months ago* (last edited 5 months ago)

To offer the counterpoint:

Local and private communities, if they remain only for meta content, is fine. But if they are used for other content, because they don't want other instances seeing or interacting with it, it can permit an instance to isolate itself and its content from the rest of the fediverse, while still being able to enjoy all the shared content from other instances. I.e. show me yours, but I won't show you mine.

Then, if these local only communities are the only places where people on that instance are sharing certain content, it's breaking the whole idea that it shouldn't matter what instance you're on. If instances can remain insular, it starts making more instances attractive based on their size. "If you want to enjoy this content, come join our instance."

Also safer spaces for groups targeted by bigots

Then they need to ban the bigots. Why should only the people on that instance have access to the safe space? Why is someone from another instance instantly judged as making the safe space less safe? It's basically saying "come join our instance", which is, again, going to cause unintended consequences.

[–] MBM@kbin.run 5 points 5 months ago

So much good stuff! I think the link for hashtags should go to this pull request instead

[–] Binette@lemmy.ml 5 points 5 months ago

There is a new functionality for users to list all images they have previously uploaded, and delete them if desired. It also allows admins to view and delete images hosted on the local instance.

I remember this being an issue a while back. Glad it has been addressed 👍.

[–] ChaosAD@lemmy.ml -1 points 5 months ago

Thank you!! You guys never are praised enough for your effort building this.

Western propaganda ruined the world.