this post was submitted on 10 Nov 2024
82 points (98.8% liked)

Selfhosted

40173 readers
764 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS
 

If you think this post would be better suited in a different community, please let me know.


Topics could include (this list is not intending to be exhaustive — if you think something is relevant, then please don't hesitate to share it):

  • Moderation
  • Handling of illegal content
  • Server structure (system requirements, configs, layouts, etc.)
  • Community transparency/communication
  • Server maintenance (updates, scaling, etc.)

Cross-posts

  1. https://sh.itjust.works/post/27913098
top 50 comments
sorted by: hot top controversial new old
[–] walden@sub.wetshaving.social 37 points 4 days ago (9 children)

We require applications, and most applications we get are extremely low effort and we don't approve them. If you have open registrations you'll be doing a lot of moderation for spam.

Run the software that scans images for CSAM. It's not perfect but it's something. If your instance freely hosts whatever without any oversight, word will spread and all of a sudden you're hosting all sorts of bad stuff. It's not technically illegal if you don't know about it, but I personally don't want anything to do with that.

[–] Dave@lemmy.nz 13 points 4 days ago (1 children)

I will add that if you have open registrations you will be a target for spam and trolls, and if you don't take quick action then some other instances are likely to defederate from your instance.

This depends on the instance, some will have a low tolerance and defederate pretty quickly, some instances will defederate temporarily until the spammers or trolls move to a different instance, and some won't care. But you likely won't know it's happened unless you notice you aren't getting content from that instance anymore.

One other thing is that if you're going to run an instance and aren't already on Matrix, make an account. It's how instance admins tend to keep in contact with each other.

[–] Kalcifer@sh.itjust.works 7 points 3 days ago* (last edited 3 days ago)

[...] if you’re going to run an instance and aren’t already on Matrix, make an account. It’s how instance admins tend to keep in contact with each other.

This is good advice.

[–] Kalcifer@sh.itjust.works 12 points 4 days ago (1 children)

Run the software that scans images for CSAM.

Which software is that?

[–] walden@sub.wetshaving.social 14 points 4 days ago (2 children)

It's called Lemmy-Safety of Fedi-Safety depending on where you look.

One thing to note, I wasn't able to get it running on a VPS because it requires some sort of GPU.

[–] Kalcifer@sh.itjust.works 10 points 4 days ago (11 children)

One thing to note, I wasn’t able to get it running on a VPS because it requires some sort of GPU.

This is good to know. I know that you can get a VPS with a GPU, but they're usually rather pricey. I wonder if there's one where the GPU's are shared, and you only get billed by how much the GPU is used. So if there is an image upload, the GPU would kick on to check it, you get billed for that GPU time, then it turns off and waits for the next image upload.

[–] pe1uca@lemmy.pe1uca.dev 5 points 4 days ago (2 children)

I don't think there are services like that, since usually this means deploying and destructing an instance, which takes a few minutes (if you just turn off the instance you still get billed).
Probably the best option would be to have a snapshot, which costs way less than the actual instance, and create from it each day or so yo run on the images since it was last destroyed.

This is kind of what I do with my media collection, I process it on my main machine with a GPU, and then just serve it from a low-power one with Jellyfin.

[–] Kalcifer@sh.itjust.works 2 points 3 days ago* (last edited 3 days ago) (1 children)

create from it each day or so yo run on the images since it was last destroyed.

Unfortunately, for this usecase, the GPU needs to be accessible in real time; there is a 10 second window when an image is posted for it to be processed [1].

References

  1. "I just developed and deployed the first real-time protection for lemmy against CSAM!". @db0@lemmy.dbzer0.com. !div0@lemmy.dbzer0.com. Divisions by zero. Published: 2023-09-20T08:38:09Z. Accessed: 2024-11-12T01:28Z. https://lemmy.dbzer0.com/post/4500908.
    • §"For lemmy admins:"

      [...]

      • fedi-safety must run on a system with GPU. The reason for this is that lemmy provides just a 10-seconds grace period for each upload before it times out the upload regardless of the results. [1]

      [...]

[–] db0@lemmy.dbzer0.com 2 points 3 days ago* (last edited 3 days ago) (1 children)

You can actually run it in async model without pictrs safety and just have it scan your newly uploaded images directly from storage. It just doesn't prevent upload this way, just deletes them.

[–] Kalcifer@sh.itjust.works 1 points 16 hours ago (1 children)

You're referring to using only fedi-safety instead of pictrs-safety, as was mentioned in §"For other fediverse software admins", here, right?

[–] Kalcifer@sh.itjust.works 1 points 3 days ago

Probably the best option would be to have a snapshot

Could you point me towards some documentation so that I can look into exactly what you mean by this? I'm not sure I understand the exact procedure that you are describing.

load more comments (10 replies)
[–] db0@lemmy.dbzer0.com 3 points 4 days ago

https://github.com/db0/fedi-safety and the companion app https://github.com/db0/pictrs-safety which can be installed as part of your lemmy deployment in the docker-compose (or with a var in your ansible)

[–] Kalcifer@sh.itjust.works 5 points 4 days ago

If your instance freely hosts whatever without any oversight, word will spread and all of a sudden you’re hosting all sorts of bad stuff. It’s not technically illegal if you don’t know about it, but I personally don’t want anything to do with that.

Yeah, this is my primary concern. I'm hoping that there are established best practices for handling the majority of this sort of unwanted content.

[–] Kalcifer@sh.itjust.works 4 points 4 days ago (2 children)

If you have open registrations you’ll be doing a lot of moderation for spam.

Perhaps Captchas are sufficient?

[–] Dave@lemmy.nz 4 points 4 days ago* (last edited 4 days ago) (1 children)

The spam is not from bots, it's people being paid to spam. Captchas absolutely need to be turned on or else you get bots as well, but they don't stop the spam.

[–] Kalcifer@sh.itjust.works 4 points 4 days ago (1 children)

The spam is not from bots, it's people being paid to spam.

Do you know any specific/official organizations that do this, and/or examples where it's occured on Lemmy?

[–] Dave@lemmy.nz 3 points 4 days ago* (last edited 4 days ago) (12 children)

Its pretty random outside the Russian misinformation sites (which I haven't seen in a while, but they probably got better at hiding).

Its hard to give you a link because mods or admins remove the posts or ban the accounts pretty quick most of the time. But there is a new spam account at least every day (I can think of at least two today. Edit: 4). They come in waves so sometimes there are a whole bunch.

That's probably another thing you need to know. I'm on Lemmy.nz, you're on sh.it.works. If some new spam account signs up on Lemmy.world and posts to lemm.ee, then if it's removed by an admin on your instance it is only removed for people on your instance. Everyone else still sees it as your instance is not hosting either the community or the user so it can't federate our anything to deal with it. The lemm.ee instance could remove the post or comment with the spam in a way that federates out to other instances, but can't ban the user except for on their instance. Only the Lemmy.world instance can ban the user in a way that federates out to other instances. This is something you'll get a better understanding of over time.

Lemmy.world has a lot if help so they don't have issues, but often the spam will come from obscure instances while the admin is asleep and there is no backup, so every other instance has to remove the spam for their own instance. Then you have to work out how to mitigate that for your own instance when you are asleep. Most admins are pretty understanding that this is a hobby and don't expect everyone to be immediately available, but if you have open registrations then you are likely to be targeted more and need a better plan.

load more comments (12 replies)
[–] walden@sub.wetshaving.social 4 points 4 days ago

I just checked and we have that turned on, too.

We don't get a lot of applications. A couple per week, maybe.

load more comments (5 replies)
[–] finitebanjo@lemmy.world 5 points 4 days ago (19 children)

How much server hosting experience do you have? I asked about database preferences over in Self-Hosting once and they basically all said "don't choose a database ever. Run. Save yourself while there is still time!"

So maybe use a hosting service I guess. Makes you a more difficult target for attacks but also involves your information getting out into the world in direct connection to your instance.

[–] Kalcifer@sh.itjust.works 3 points 4 days ago

I asked about database preferences over in Self-Hosting once and they basically all said "don't choose a database ever.

I'm not sure I follow what you mean; Lemmy uses PostgreSQL.

load more comments (18 replies)
load more comments
view more: next ›