Hi all,

I have an issue where I'm trying to setup my instance, and get as far as being able to register as an admin and login when using localhost, but not on my example domain.

When accessing my instance at https://lemmy.mydomain.com, for all appearances it appears to but up and running (I get a nice CSS theme)... but I simply cannot login. It gives 404 post responses.

Proof of failing login:

curl -H 'content-type: application/json' \
    --data-raw '{ \
"username":"tetris11", \
"password":"mypassword",  \
"password_verify":"mypassword, \
"show_nsfw":true \
}'  lemmy.mydomain.com/api/v3/user/register

returns:

<html>
<head><title>302 Found</title></head>
<body>
<center><h1>302 Found</h1></center>
<hr><center>nginx/1.25.1</center>
</body>
</html>

But if I change my domain into localhost:

curl -H 'content-type: application/json' \
    --data-raw '{ \
"username":"tetris11", \
"password":"mypassword",  \
"password_verify":"mypassword, \
"show_nsfw":true \
}'  localhost:8536/api/v3/user/register

I get

{ "jwt":"XXYYXXYY.XXYYXXYYYX", 
"registration_created":false,
"verify_email_sent":false 
}

or on repeated attempts:

{"error":"user_already_exists"}

My API is up but cannot be reached by https?

My lemmy.hjson

  database: {
    # put your db-passwd from above
    password: "db-password"
  }
  # replace with your domain
  hostname: "lemmy.mydomain.com"
  bind: "127.0.0.1"
  tls_enabled: true
  federation: {
    enabled: true
  }
  setup: {
    # Username for the admin user
    admin_username: "tetris11"
    # Password for the admin user. It must be at least 10 characters.
    admin_password: "mypassword"
    # Name of the site (can be changed later)
    site_name: "Welcome to the My Lemmy"
    # Email for the admin user (optional, can be omitted and set later through the web>
    admin_email: "realemail@email.com"
  }
  # remove this block if you don't require image hosting
  pictrs: {
    ## This port appears to be hardcoded
    url: "http://127.0.0.1:8080/"
  }
}

My lemmy-ui.service

[Unit]
Description=Lemmy UI - Web frontend for Lemmy
After=lemmy.service
Before=nginx.service

[Service]
User=lemmy
WorkingDirectory=/var/lib/lemmy-ui
ExecStart=/usr/bin/node dist/js/server.js
##Environment=LEMMY_UI_HOST=0.0.0.0:8536
Environment=LEMMY_UI_LEMMY_INTERNAL_HOST=localhost:8536
Environment=LEMMY_UI_LEMMY_EXTERNAL_HOST=lemmy.mydomain.com
Environment=LEMMY_UI_HTTPS=true
Environment=RUST_LOG=info
Restart=on-failure

# Hardening
ProtectSystem=full
PrivateTmp=true
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

My lemmy.service

[Unit]
Description=Lemmy - A link aggregator for the fediverse
After=network.target

[Service]
User=lemmy
ExecStart=/home/lemmy/.cargo/bin/lemmy_server
Environment=LEMMY_CONFIG_LOCATION=/etc/lemmy/lemmy.hjson
Environment=PICTRS_PATH=/var/lib/pictrs
Environment=PICTRS_ADDR=127.0.0.1:8080
Restart=on-failure

# Hardening
ProtectSystem=yes
PrivateTmp=true
MemoryDenyWriteExecute=true
NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

My nginx.conf

    limit_req_zone $binary_remote_addr zone=lemmy.mydomain.com_ratelimit:10m rate=>

    server {
        server_name lemmy.mydomain.com;
        access_log  /var/log/lemmy.access.log combined;

        location / {
            proxy_pass http://0.0.0.0:1234/;  ## lemmy
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

    listen 443 ssl http2; # managed by Certbot
    listen [::]:443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/lemmy.mydomain.com/fullchain.pem; # mana>
    ssl_certificate_key /etc/letsencrypt/live/lemmy.mydomain.com/privkey.pem; # ma>
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

After reading many Lemmy related discussions over the past days, it has become clear to me that what people expect from Lemmy / think it is, is quite different from what it actually is.

From the official documentation:

Lemmy is a selfhosted, federated social link aggregation and discussion forum. It consists of many different communities which are focused on different topics.

In other words, the Lemmy software tries to resemble Reddit and every instance that runs this software is (kind of) a Reddit clone.

Each instance is its own entire platform that is, due to federation, able to speak and pull in posts from other platforms that support the same federation protocol. Federation is often explained with the example of "imagine you could read all posts from Reddit, Facebook and Twitter on Reddit." This is indeed true, just that in the case of Lemmy (and other Fediverse platforms) a considerable number of people have decided to run the same software for all their platforms. I.e., we now have a Reddit-A, Reddit-B, Reddit-C, Reddit-D and so on.

Lemmy is not a platform, Lemmy is an application, and people have decided to all use the same software to run their own social media platforms.

Most users, on the other hand (including me), expect a single distributed platform or system. This is also how federation is being (miss)explained by many members of the community. Users expect a network of nodes which all come together to form a single system, but at the moment we have a collection of identically looking platforms which all try to either be the same thing or something entirely different. While users are unable to tell them apart.

I believe this is either a major design flaw of Lemmy (or lack of any design) or it is precisely what the creators intended, and the software is being greatly misused.

To come closer to what many users expect from the platform, Lemmy should be split up into its structural components.

This means instead of the current instances, we would have two servers, user servers and community servers. Users would be solely responsible for providing user accounts to Lemmy users. Server admins can define registration policies as it is possible today and control who signs up to their server.

Community servers, on the other hand, would be responsible for hosting one or more communities and their sole purpose would be to distribute posts and their comments to users. These servers would still be able to define policies for how people are granted write access or who can create new communities, so there might be an application required to join a community server. Moderation would also happen on the community server according to the rules defined for the server and the individual communities.

A crucial point in this is that community servers do not federate with each other, there is no reason to. Federation mainly happens between user servers and community servers (user servers might also exchange details about their users).

This setup would truly resemble the analogy that is often cited when explaining the Fediverse, email. Email (in the context of Lemmy) consists of email providers like GMail or Hotmail, that enable their users to communicate via E-Mail, but they usually do not host the mailing lists a user might subscribe to.

Distributing Lemmy like this would greatly reduce what has to be considered when choosing a provider for a Lemmy account. User servers would solely be service providers that enable access to the platform, while community servers can provide hosting for communities as well as rules and moderation.

There is more that could be done in regard to distributing the platform, but this seems like the most obvious first step.

And if so, is there documentation on the syntax?

Febiblock is a useful thing that happens on other Fediverse social in which instance admins share their worries about users or instances. After a discussion where everyone shares their knowledge about the problem, admins decide if that instace/user must be blocked or not.

It could be very useful for the recent bot spamming. Since maybe the spam could be repeated on multiple instances, by sharing the emails/usernames those bots were registering with, admins could block them more easily.

More info:

• https://joinfediverse.wiki/FediBlock
• https://fediverse.wiki/wiki/Fediblock
• https://fediblock.lgbt/

Is anyone able to find !firefox@fedia.io no matter what instance I search from, I can't find the actual community.

I've been noticing that a lot of my comments on posts aren't being replicated to lemmy.world and sopuli. Does 0.18 have a fix for these federation issues? It really detracts from the experience when half of the people in a thread aren't receiving your messages and vice versa.

Would it be possible to add a filter to show only posts with x or more than x comments? Then you could filter out all posts without comments or only show posts without comments or with greater than a certain number of comments etc.?

Or does a functionality like that already exist?

And yes I understand the irony in this post

This is a big problem. It creates the illusion that /c/cats on one particular instance is the real /c/cats.

This is the root of re-centralization and it must be pulled out.

Please. Captcha by default. Email domain filters. Auto-block federation from servers that don't respect. By default. Urgent.

And yes, to refute some comments, this publication is being upvoted by bots. A single computer was needed, not "thousands of dollars" spent.

i swear i wanna go back to reddit just to experience some actual content again, instead i have the same 4 posts about reddit crumbling or how lemmy is "fresh" and "friendly" and stuff

i mean I'm all for the fediverse and want to see reddit crumble but ffs i want content not reddit vs lemmy drama

I know i can sort by my subs but i want to see shit from all the site since there isn't enough content yet to just stick to my own subs yet more and more I'm finding myself itching to go back to reddit and stopping myself because fuck those guys

this exists

this suddenly doesn't

Hey folks! Just realized something that makes Lemmy different from Reddit. Because of the federation, your votes are not technically anonymous on Lemmy. At least, I think.

Although there’s no UI to look at a user’s voting history yet, one could conceivably be built by an instance. Perhaps coincidentally, I hear there’s instances out there populated by mostly bots?

A dev initially suggested in the Lemmy GitHub to remove captchas from future releases altogether because "they're easy to bypass".

Here's the thing though, the lemmy.world instance avoided the daily 10k+ bot signups per day the other instances are currently experiencing simply by activating captchas.

Yes basic OCR easily bypasses them, but the whole point is that you're forcing the spammer to use it, and it costs CPU resources, meaning that for the same budget the spammer will be able to create LESS bot accounts, or none at all if he doesn't know how to automate the use of an OCR. Compare that with the current situation where anyone who followed a Python crash course can easily write a small script doing tens of thousands of automated signups using just the requests module.

Please enable captchas by default in future releases. You can try out other proposed solutions like hashcash too but IMO focus on the low hanging fruit first and make captchas a default in 0.18 already. One barrier, no matter how weak it is, is much better than no barrier at all.

And to those who maintain websites that list instances and rank them by size, you are also contributing to this problem by adding an incentive for bad actors to inflate their own instances. Please either remove that ranking, or remove the spammy looking instances by hand.

Also, maybe change the user count such that only users having clicked on the verification link are counted.

A posting on the Instance-specific issues/observations about the upgrade: https://lemmy.ml/post/1444409

KNOWN BUGS

1. Searching site-wide for "0.18" generates an error. This was working fine in 0.17.4 before Lemmy.ml upgraded: https://lemmy.ml/search?q=0.18&type=All&listingType=All&page=1&sort=TopAll

I’m a reddit transplant and I’m excited about what I’m seeing so far in Lemmy and the Fediverse, but my brain keeps bugging me with concerns:

Maintainability and Scalability - There are a ton of instances now. Lemmy had made it easy to spin up and host your own instance. In some cases, this means people with little/no infrastructure experience are spinning things up and are unprepared for scalability challenges and costs. This post by the maintainer of a kbin instance highlighted this challenge quite well ( https://lemmy.one/post/302078 ). How do we know if an instance is properly maintained, backed up, and is able to scale? Or should we just be prepared to start over on another instance if ours fails?

Monetization - The above cost challenges bring up monetization issues. What mechanisms will instance maintainers have to help with maintenance/hosting costs? As the Fediverse grows, how do we prevent against ads and coordinated upvoting from taking over and pushing ad content?

Legal/Privacy - Privacy regulations are becoming a mine field… GDPR, CCPA, and other privacy frameworks are making it tougher to handle privacy properly. Is there a coordinated Lemmy legal defense or are instance maintainers on their own? How would you even approach a GDPR user delete request across the fediverse?

Here you can see 2 day old post warning about the danger of not using email/captcha verification: https://lemmy.ml/post/1345031

And here are stats of lemmy platform where it shows that we gained 200 000 lemmy users in 2 days: https://lemmy.fediverse.observer/dailystats

Another tracking site with the same explosion in users: https://the-federation.info/platform/73

What do you think? Is it some sort of a bug or do people run bot farms?

Edit2: It's been now 3 days and we went from 150 000 user accounts 3 days ago to 700 000 user accounts today making it 550 000+ bot accounts and counting. Almost 80% accounts on lemmy are now bots and it may end up being an very serious issue for lemmy platform once they become active.

Edit3: It's now 4th day of the attack and the amount of accounts on lemmy has almost reached 1 200 000. Almost 90% of total userbase are now bots.

Edit 3.1: my numbers are outdated, there are currently 1 700 000 accounts which makes it even worse: https://fedidb.org/software/lemmy

cross-posted from: https://lemm.ee/post/231886

That's a 2000% increase in 2 weeks! Congratulations all! I'm so proud of what we are building together here!

Hello, don't know if this is a UX bug or a feature request but anyway, here it is, i'll try to describe my use case scenario

A post in a community, especially the pinned one, is something that can last for weeks, months, years.

Maybe a comment, or a question, a leaf can be tied in a very specific thread position, adding specific new found informations in a late addition

Can we have new posts and comments in a clear different colour or in bold maybe ?

The backend seems to know which comments i have not read because it's said in yellow, and link to those posts with new comments appear with a

?scrollToComments=true

but then if i click it, i don't seems to be able to find just the new comments.

Does anybody know of a good place to upload short video clips like people do with v.redd.it?

Is there some sort of bridge similar to what is seen with Matrix and services like Discord and Messenger, but with Lemmy and Reddit so that users who are moderators of both communities can make it easier for enjoyers of one subreddit to switch?

The post count for some threads seems to be off, and there seems to be a problem with notifications for other instances.

Is the latter is a result of the recent increase of traffic on Lemmy.ml or a problem of the other instance?

I was recently approached by a user claiming to be the developer of Sync for Lemmy who wanted to be a moderator of the community I created, !syncforlemmy.

I was able to verify this user was indeed LJ Dawson as I knew where to contact him on Discord.

It is quite possible that an impostor user on another instance may be created, for example ljdawson@beehaw.org could easily be made.

Should Lemmy have a verified user marker for members who are of importance to any given community? Are there any other options to protect users against nefarious persons playing impostor?