Hello world,
we’ve had various smaller updates lately that didn’t all warrant their own update posts and we don’t want to post too many announcements around the same time, so we collected them for a single larger post.
New alternative Lemmy frontend: Tesseract
We have recently added a new alternative Lemmy frontend to our collection: Tesseract.
Tesseract was forked from Photon a while back and includes a variety of additional customization options and moderation utilities.
It is available at https://t.lemmy.world/.
Lemmy-UI update to 0.19.11-ish
We have deployed a custom build of Lemmy-UI, the default Lemmy web interface, which includes most of the features included in the official 0.19.11 release.
While we haven’t updated our backend to a newer version yet, as we still have to find a solution for dealing with the newly integrated functionality to send emails on rejected registration applications, all the frontend features that don’t require a backend update have been included. The only part that is currently missing is Lemmy’s new donation dialog, as this requires a backend upgrade as well.
You can find the list of changes in the frontend section in the announcement for the 0.19.11 release.
Defederation from lemmy.one and r.nf
A Lemmy.World user informed us about an instance we are federated with that was hosting very illegal content a while back. This was a result of an attack more than a year ago, and said content federated to many other instances, which made local copies of the material. Unfortunately, when this material was taken down at the source, that action did not federate to all linked instances, meaning that there are still some instances showing this material.
Once we were made aware of this, we realized that this was likely not the only occurrence, so we started looking for other instances where this content may also still exist. We have identified more than 50 affected instances and already reached out to many of them to inform them about this content to have it taken down.
Among these instances, r.nf and lemmy.one were some of the first instances that were informed, but even after 2 months since the initial report there has been zero reaction from either instance. Both of these instances don’t appear to be moderated, as evident also by posts asking whether the instance is still maintaned on lemmy.one and 2 month old spam in r.nf’s main community.
The community that gets hit the hardest by this is !privacyguides@lemmy.one, which is the only larger community across these instances. We recommend looking for alternative communities on other instances.
Due to the lack of action and response we have since also reported this directly to their hosting providers through Cloudflare, which includes an automatic report to NCMEC.
Even when this material will get taken down now, we don’t currently believe that the instance operators are willing or able to moderate these instances properly, so we will keep them defederated unless they can convince us that they are going to moderate their instances more actively and ensure that they provide usable abuse contacts that don’t require going through their hosting provider.
We also defederate from other instances from time to time due to lack of moderation and unreachable admins among other reasons. If you’re interested in the reasons for our defederations, we aim to always document them on Fediseer. Be warned though, as this list contains a mentions or references to various disturbing or illegal material.
Most of those instances are either very small, don’t interact with Lemmy much anyway, or are explicitly stating support of content that is incompatible with our policies.
We also usually try to reach out to affected instances prior to defederation if we believe that they may not intentionally be supporting the problematic content.
We have temporarily re-federated to lemmy.one to allow this post and https://lemmy.world/post/28173100 to federate to them. We’re waiting for federation to catch up with the activities since we defederated a day ago originally before we defederate again.
Reliability of media uploads
We have recently been receiving some reports of media uploads not working from time to time. We have already addressed one of the underlying issues and are working on addressing another one currently. Please continue to let us know about issues like that to ensure that they’re on our radar.
We’re currently also working on improving our overall application monitoring to collect more useful information that helps us track down specific issues, improve visibility for errors, as well as hopefully allowing us to identify potential performance issues.
Parallel federation
Back in Lemmy 0.19.6, Lemmy introduced the option to send federated activities in parallel. Without this, Lemmy would only ever have one activity in the process of being transmitted to another instance. While most instances don’t have a large number of activities going out, we’re at the point where instances far away from us are not able to keep up with our traffic anymore due to physics limitations when waiting for data from the other side of the world.
Some instances mitigated this by setting up an external federation queue near our instance that would batch activities together to work around these limitations while this was not implemented in Lemmy and deployed on our end. Unfortunately this also meant having to maintain an additional server, which means time investment, a few bucks every month to pay, as well as another potential component that could break.
We have enabled 2 parallel sends around a week ago and aussie.zone, who were pretty much constantly lagging behind multiple days have finally caught up with us again. We will continue to monitor this and if needed increase the number of parallel sends further in the future, but so far it looks like we should be fine with 2 for a good while.
edit: added section about parallel federation
You must log in or register to comment.
We have enabled 2 parallel sends around a week ago
Ah, I was wondering what changed (for the better). My instance would randomly fall behind by somewhere between 2,000 and 20,000, and I’d have to temporarily shunt LW traffic over to the buffer server until it caught up. Noticed that hadn’t been a problem for about a week, and that explains it.
Nice update, thank you for enabling parallel federation!
I’ve got to say, I haven’t had a place on the internet quite like lemmy since the message boards of the 90s. This reminds me of one of the ones that somehow kept out the trolls.
Thank you for keeping the lights on.
Not from lemmy.world, but you seem like very competent admins. Hats off to you!
Thank you for your tireless work in keeping this place running and thus providing me with a steady supply of new content so I don’t have to resort to more drastic measures like reading a book or going outside.
Hahah, I was expecting more drastic measures to be “like Reddit or Facebook”. Well said, and agreed.
Thank you admins for your diligence when it comes to things like this (esp in regards to CSAM).
In the early days of my use of Lemmy, I considered hosting an instance myself. I’m glad that I didn’t because it seems like a lot more work than I thought it would be.
Thanks for the work that you do for us all.
I’m stunned about Lemmy.one That was my first instance, stunning that they are unmoderated.
Not from .world, but I thought I’d put in my .02 about Lemmy.one.
For the first few months after joining Lemmy, I bounced around signing up on several different instances looking for a place that felt like “home”. I liked the simple, straightforward name of Lemmy.one, so I tried to sign up there. I got a message that said my registration required authorization. I waited a few days and didn’t get anything, so I messaged the mod, Jonah. I got no reply, so I waited some more, and tried to message him again with no response. I did some digging and found a couple of other email addresses of his outside of Lemmy. I sent emails to those addresses, and to this day, almost a year and a half later, I never got authorization on Lemmy.one nor did I ever get any response in any way from Jonah.
I found a relatively local instance for me with a name I love and great, responsive mods, so it worked out for the best as I’m super happy.
Nice that you found your instance. Its just sad to see instances go offline without any trace ( or unresponsive )
Given the apparent abundance of ADHD types on forum sites like lemmy, instances springing up and soon going dark seems pretty normal really.
Awesome, glad to see we’ve updated to the new Lemmy-UI features, the banned badges and vote-view for moderators in Lemmy-UI will be a great improvement (for people worried that mods can now view votes, they always could via the API since 0.19.4, this is only a Lemmy-UI change).
While we haven’t updated our backend to a newer version yet, as we still have to find a solution for dealing with the newly integrated functionality to send emails on rejected registration applications
I’m curious why this is an issue, could you maybe please elaborate? I thought this was generally a good change since it increases transparency of moderation and lets people know if and when they were denied, and potentially for what reason too. Good to know in case they made a mistake or would like to appeal.
we currently have our own solution to send emails with a custom text explaining why people were rejected and what they can do next. we’ll have to review whether the built-in solution would be capable of replacing this functionality adequately if we add rejection reasons to lemmy when rejecting the applications.
our current solution rejects applications and then deletes the user from the database to ensure that they can sign up again if they want, as denied applications only get deleted after a week or so and an appeal process would require support tickets and a lot more time to be spent by us on addressing those.
our application process is fully automatic and just depends on certain words to be provided and the email not being disposable.
I see, that makes sense.
Tesseract looks nice!
Can I try it as a user or do I have to deploy it myself?
The link is up there in the post for you to use.
Ah, thanks & sorry. I only saw the GitHub one somehow.
Cloudflare does not automatically report to the NCMEC anymore.
they do, they just don’t require you to be registered with them anymore for their csam scanner:
They do not. Here’s the email I got (I maintain programming.dev).
The screenshot in my previous comment is directly from their abuse form at https://abuse.cloudflare.com/csam. Your email is specifically about their proactive scanner, not about abuse reports that are submitted.
They also explicitly state on their website that they forward any received CSAM reports to NCMEC:
Abuse reports filed under the CSAM category are treated as the highest priority for our Trust & Safety team and moved to the front of the abuse response queue. Whenever we receive such a report, generally within minutes regardless of time of day or day of the week, we forward the report to NCMEC, as well as to the hosting provider and/or website operator, along with some additional information to help them locate the content quickly.
I see, you’re talking about manual reporting (as in you filed a report directly on CF’s website) rather than CF’s CSAM scanning. This is the same as reporting CSAM to any US service provider.
