k.

Wow, alright, I am not here to argue. Feel free to continue arguing without me. I found a tool that quite literally was a drop-in addition for me, I had maybe one line of configuration I had to set to set it up. Silly me, I thought “Man, more admins need to know about this, hopefully they can save some money and prevent some bot traffic”.

Little did I know that doing something like giving my suggestions on things that helped me would be such an angering thing. God damn every goddamn time I post someone’s gotta through a thousand goddamn pedantic things at me. Ffs yes I know there are probably gotchas, and above I even added them. I’ve been trying to help people here and in other places I crossposted this so we could see how it would work for them. If people wanted help debugging their configurations I was ready to help debug things, offering configuration and solutions. But no, that’s too goddamn much here.

I mean what do I fucking know okay? I’ve only ran apps for over a decade like this, both myself with services here and professionally, from IIS to kubernetes from startups to big tech, I mean my job title is only senior SRE. But yes, thank you for showing me the error of my ways. I will keep things that have helped me to myself now, because posting here has been exhausting.

Well known I think I would bypass Anubis completely. Have that set as a separate block in the proxy and just continue on to whatever backend app it needs. OAuth… yeah I could see it having issues with the callback in OAuth, if it started thinking the callback endpoint was a bot. You could fix that by not using Anubis for that endpoint. In NGinx, that’s just a location block like:

location = /oauth/callback {
  proxy_pass http://lemmy-ui:1234/;
}

Where the other ones through the standard routing. Admittedly more setup.

If you choose to disable core features of your browser then yes you will have reduced functionality in your browser. That is a tradeoff you have made.

All of those both work with Anubis, and if you didn’t want them to go through Anubis would be trivial to have bypass it with one line of proxy config.

I’ve noticed you can ask the most basic thing in registrations and people bots will just ignore it

Maybe that’s why some people think it’s difficult but I didn’t find it to be. Personally it’s blocking 90% of the traffic, which for a personal instance I know that is accurate, so I’m ecstatic

As I mentioned they are held up for a few seconds once. After the trust is established a cookie is set and they pass through freely. For my instance it’s been more responsive even because the bot traffic is gone.

I mean, it was trivial for me. I run in kubernetes with a test environment with docker compose and for both of them I spun up the extra container, and then after testing that container I just swapped the Lemmy proxy over to use Anubis first. To me that’s trivial, but ymmv

Unfortunately both 0.19.4 and 0.19.5 are hanging for me when spinning up my containers, getting some weird issue with inbox timeouts. Opened a bug here

Ohhkay I finally get what you’re suggesting now. From something like Mastodon there’s no clear way to specify.

Ehh, something to be solved but not a huge deal IMO. I think it’d have to be something custom, as there’s no concept on Mastodon like Lemmy’s communities, but I still stand by DNS isn’t the way to solve it. Mixing it in with a hashtag might be a good way, where if you could “subscribe” to a hashtag over there, like #community@instance.tld, but then we’re just talking about syntax. I actually do think there needs to be a standardization on “groups” then across the fediverse, and since Lemmy is the only one I’ve seen with a group syntax, I’d just suggest we standardize !

And that’s why users get @user and communities are !community. I’m not sure what you’re asking for tbh, I think the current system works fine, searching could be easier, but I haven’t seen anyone confused by the difference there.

Nested DNS is a pain, and not really what it’s meant to do, that’s why we don’t use nested DNS. If you take DNS away as a solution (because it’s not really one), then what is currently happening makes a lot of sense.

That is how it’s done though, the syntax for communities can be searched for with !community@instance.tld. It’s just not part of DNS.

As an instance owner, the amount of overhead to support that would be nuts for me. Each subdomain would have to have DNS routed to it, or a wildcard which isn’t the best supported. On top of that I’d need to somehow manage certs in a way where when the software detects a new community it’d have to ask for a new cert and broadcast the new domain to everyone. Then what do you do about communities from other instances on your instance?

What is being done is the right way. We use DNS to tell us different services/hosts. We use the path to tell us a subsection of the same service

Right now I’m torn. I do not want to host videos. Pictures are expensive enough for me. However, I would like to see videos standardized. As you mentioned every ui handles them differently, I’d like to have a standard way that videos are handled. On the backend, something similar to pictrs would be great to enable/disable videos and enforce things like compression, video length, resolution, and more.

Actually there is, spammers are kind of funny because they help solidify the platform long term for short term gains. Turns out rate limiting was broken in the latest release of Lemmy, and no one noticed until this latest attack. So, there’s a big fix and sounds like it’ll be patched in the latest version. Thanks spammer for helping us bugfix the platform to shore it up!

I see both sides here.

On one hand, you do have some good ideas in there, and I understand wanting to write them down and push for them.

On the other, I’m also a developer and too many issues can become spammy, and every day at work I mark issues as “not prioritized” or “won’t do”. They may be valid ideas, but I’m heads down on other more critical work that I need to focus on now.

I think it’s important to remember that the devs are two devs, they don’t have a project manager/PO to regulate issues and prioritize them. It’s also an open source project, so a more valid use of time would be developing features yourself or gathering people who want to implement them and opening pull requests, rather than opening a ton of issues.

Also, I think you’d get things across the finish line if instead of opening 20 issues, you focused on one, maybe two, and pushed those really hard. Prioritize the issues yourself. Get those one or two done, then focus on the next. If you catapult 20 over the wall then it just looks like 20 issues and none of them are particularly important. The phrase “If everything is important, then nothing is important” definitely applies.

That being said, I’d definitely appreciate more transparency from the devs on the roadmap they envision, issues they want to focus on, and if they have capacity for us users to vote on our most critical features.

The problem is that does another server have to listen to the license. You’re on programming.dev. Say they obey your license that you put there. Well, say my server explicitely says “Do not send me things if you want it licensed. By sending me your data you waive all rights to your data and waive all licenses”. I can put this in my legal area too. So, who wins then? That’s different than git where if I clone it I’m pulling your data, you willingly pushed it to my server where I said what I would do with it.

ActivityPub sent it to me automatically, it’s on my server, and on my server I say anything you give me has no license. To me, that’s like the people who say FB has no right my data in a FB post.

The difference between Lemmy and Reddit is that it was Reddit’s servers, they owned the data, and there was an agreement by signing up on who owned it - Reddit. Lemmy has no such agreement, and the data is not on a “Lemmy” server, it’s stored on everyone’s servers.

It’s more akin to handing out flyers to people you meet randomly, with a note at the bottom that they can’t do anything with it. The note might hold up in court, but at the end of the day it’s probably going to be asked why you were handing the flyer out in the first place if you didn’t want people to read it. On top of that, that’s one court, we’re talking about the entire world here, who knows who or what is listening. I think that’s the biggest invert of the head, you aren’t posting to someone’s server like Reddit, you’re throwing it out to everyone who wants to listen.

To me, this doesn’t make a huge difference. If someone wants to train on it, fine, at least we get a free open platform that we can modify however we want. I just also am a bit more careful about what I post.

I’m sorry, but that’s just impossible here. I’m sorry to tell you, but it is.

ActivityPub is a protocol which takes your content and blasts it out to anyone who listens. That’s the design of it, that we all listen on our own servers and we can then treat our servers as we want. There is no profit motive on our servers because anyone could just jump to a new server.

However, this means there is literally no opt out protocol. Anyone can start a server, which means anyone can start a server. Governments, corporations, the jerk down the street, anyone. The only way to turn that off is by saying “Defederate from this server”, but of course the anonymous nature… we don’t have to know who they are.

Of course we can defederate from other servers but since anyone can spin up a server on any domain, how do you know that Meta doesn’t have a server right now at some weird domain? OpenAI could be listening right now and training. In fact I’d be surprised if the site formerly known as Twitter didn’t have a mastodon server up so they could keep tabs on it

Even deleting a message is another blast out to all other servers. “Hey, this user requests you delete this message”. So what happens if someone modifies their code to just ignore that?

I guess what I’m trying to say is that the fediverse is open and free - and the downside of being open and free is that it’s open and free - to everyone. There is no permenent delete. There is no way to way to license it because by clicking post you are saying “Blast this out to everyone who is listening”, once it’s on their server it’s their data. You gave it to them. There is no way to protect data because the protocol quite literally does the opposite.