New bot rules, Lemmy 0.18.3, and a message about alternative Lemmy frontends on lemm.ee
Hey folks!
It's time for some lemm.ee updates! Feel free to skip ahead to whichever sections seem interesting to you.
New bot rules
The reception to my previous meta post was very positive, so we are going ahead with the new bot rules on lemm.ee. The new rules have been added to our front page sidebar and will be enforced by admins starting on the 1st of August.
The final version of the rules looks like this:
All bot accounts must be explicitly marked as bots
Bots must not vote on any posts or comments
Bots must disclose their specified purpose in their profile
Bots must not be responsible for the majority of content in any community
The goal for now is to limit bots to a support role. In other words, we have nothing against bots which are used to support running a community for real people, but we do not currently want to host communities which are completely filled with bot content on lemm.ee.
It's definitely true that bot-only communities might provide valuable content, but we need to balance this value with how bots affect our feeds. If in the future the volume of organic user-created content on lemm.ee increases to a point where bots can't easily overwhelm the local feeds, then we may reconsider the last rule.
I apologize again to any bot developers who have chosen lemm.ee as the home for your bot-driven communities. I hope you can find another instance without too much trouble.
0.18.3 update
Last week, lemm.ee was updated to Lemmy version 0.18.3. We were previously already running a patched version of 0.18.2 which included many of the performance improvements that landed in .3, so the upgrade did not have as much of an effect on lemm.ee as it probably did on many other instances.
In any case, we are now again running on a completely unmodified version of Lemmy, and will continue to do so until there are performance or security reasons to run a custom patch again.
lemm.ee stance on hosting alternate Lemmy frontends
In the past few months, a lot of alternate web UIs for Lemmy have started cropping up. I've checked out a few of these and I think a few look really cool!
While such frontends generally provide ways to use them without being directly hosted on any specific instance, some instances have begun hosting such frontends on their own servers as well. I've also received a few dozen requests to host such frontends directly on lemm.ee. I would like to address these requests directly here.
For the time being, I am not planning to host any other frontends than the default lemmy-ui on lemm.ee. There are several reasons for this.
I am personally familiar with lemmy-ui code (to a reasonable extent). I know what it's doing overall, I know several of its pitfalls and I am able to quickly react in case of issues. As just one example, lemm.ee was the first instance in the world which fixed the weak script-src CSP in lemmy-ui that enabled the recent login session breach on some other instances - this is because I deployed the code on lemm.ee before I submitted a PR to the lemmy-ui repo with the fix.
The above would not be true for alternative frontends. I don't have the capacity to go through the implementation details of additional projects at the moment, so I have no idea what the code would be doing in any third party UI. I have no way to guarantee that it's not malicious to begin with. Even if the code is not malicious, I would not be able to quickly apply patches if problems crop up.
As a result of all this, I am not comfortable with hosting these third party frontends on lemm.ee for now. Note that this does not mean you're not able to use such frontends with lemm.ee - all the ones I've checked will work perfectly fine without being hosted on the same domain as the instance itself. But as with any 3rd party app, please be careful when using these frontends - by doing so, you are effectively sharing your username and password with anybody who is developing and hosting them.
Personal note
Some of you may have noticed that I have been a bit less active in the several Lemmy-related communication channels & GitHub for the past week or so. The reason for this is that I've had two stressful things happen: earlier this month, I found extensive water damage in my house which is not covered by insurance. Even worse, shortly after this discovery, I received news that my current place of work, a startup, is shutting down at the end of August (mostly due to changed market conditions).
As a result, I've been spending a fair bit of time trying to deal with the renovation of my house & now am also spending additional time trying to figure out where I can land in terms of employment in order to keep putting food on the table. Nevertheless, I am hoping to get back to more Lemmy contributions soon.
Sorry to use this space for selfish purposes, but I would like to take this chance to note that if anybody is looking for a remote software engineer, I am currently open to new opportunities! Just as a short overview about myself:
I've been working as a software engineer for over a decade, about 5 years in technical leadership roles
I have experience with end to end ownership of software platforms - everything from writing code to running it in production
I'm based in the EU but happy to work in either EU or US timezones
For the past few years, my main tech stack has been TypeScript (nodejs/react) + Postgres + Terraform, but I have extensive experience with a lot of other technologies and generally am quite adaptable
I have experience running platforms at considerably bigger scale than Lemmy
I would of course happily go into much more details if you contact me directly, so if this is interesting to anybody then please feel free to reach out!
Also, please let me assure anybody who is worried: lemm.ee funding is not currently in jeopardy. For the next couple of months, lemm.ee is not even dependent on a single cent of my own financial contributions, as community support has provided enough money already to give us a nice buffer. I am planning to write a summary of our financials in the next few weeks, please keep an eye on the meta community if you're interested in seeing this!
That's all for now, thanks to anybody who has made it this far! As always, please feel free to leave comments below if you have any thoughts or questions.
I understand your stance on the frontend question. I run a forum site, and it has several modifications, and every time I need to upgrade, there's an air of, "Okay, how difficult is this going to be? Do all of the mods support the new version? What if they don't? Is there another mod that will?" and so on. It turns every upgrade into something I need to set aside a bunch of time to do...just in case.
If I were you, I'd keep it as stock as possible, because it's just much easier to maintain that way.
This seems like a good opportunity to point out that sunaurus pays for this instance out of pocket, and you can go to the GitHub sponsors page if you want to help financially support this instance!
As an author of one Lemmy front-end, I can confirm that you are potentially sharing your username and password. Unfortunately, there is no way for Lemmy front-end developers to, say, open a web socket to a Lemmy instance and have you log in through a web browser (which would be much preferred from a security standpoint, but it is what it is).
Furthermore, from what I see, many of such front-ends store your password, instead of just the Bearer token. Unfortunately, from what I get, there is also no way of invalidating the Bearer tokens right now, so in the event of it getting stolen - you’re f***ed.
Now, a couple of tips:
USE 2FA AUTHENTICATION. In the event of a malicious app actually stealing your credentials, you are at least a little bit more protected by this layer.
Use a password manager - do not use your banking password, please.
Only use trusted front-ends, and in the event of an app, only download versions from official sources maintained by the app author.
Make sure the instance you’re registered at has a valid HTTPS certificate.
Give me a shout on the job hunting front. I work for a European conglomerate that has its own development arm. I've worked directly with their developers in the past, though I am in a different role.
I know they're looking for people, especially those who are good in Java, JS/TS and/or Golang.
Thank you for everything! I have recently landed here after I heard you had lots of contributions to the Lemmy code and were using a load balancer for your servers.
Best of luck for your house damage and your job, I wish you the best 🤞
No issue here on sticking with the standard Lemmy front end. I'm fine with that. Even if you hosted different front ends, I'd probably keep using the standard one. Also hope the best for you on the personal side.
In any case, we are now again running on a completely unmodified version of Lemmy, and will continue to do so until there are performance or security reasons to run a custom patch again.
Since the update, comment context links have not been working for me. This severely limits the ability to have a conversation with people, as sometimes you don't even see your previous comment, only the comment you're replying to.
The effect of this is different on different platforms. On the web version, context links don't work at all, only showing you the most recent comment. In Jerboa you see a few more comments, but they aren't in the correct tree order, and the link doesn't work to climb further up the tree.
Same. It's been like that for a couple of days at least. I swear some replies are linking to a different comment thread as well.
This is a perfect reason imo to keep the frontend stock. Without being able to use the "vanilla" .ee I would have assumed the app UI I use sometimes is broken. Being able to see it on the web version I knew it was a Lemmy issue.
Even when self hosting, malicious code can still make external calls and ship user data elsewhere if so inclined. At the end of the day, it’s the user's choice to share their credentials with a third party frontend and there are risks involved regardless of where it is hosted.
@sunaurus@lemm.ee Unfortunately, I don't see the Bulgarian language translations that I made on lemmy via weblate, these translations are visible in other instances that have been updated to 0.18.3, but not in lemm.ee.
I've always wanted to write a bot, for no particular function but just to do it and learn what it takes. My preferred stack is Java and spring(boot) but I suppose I can extend to something else if I have to.
Does anyone know of any resources on how to learn? I figured I can play around and write something here on lemmy. Thanks!
I originally was really bad at it, I mean embarrassingly bad. I got work because of C# (I somehow just got it) my job eventually switched to Java and it just eventually clicked. But yeah I actually enjoy it.
I feel the employment hit. My company unceremoniously shut down, all of a sudden, last Tuesday, after almost 9 years there. Supposedly, we get severance and I have leads on new employment already.