BeyondCombustion.net

Yeah, lemme get that self-hosted threads spyware plz. would love to toss one up here once I setup Mastodon.

cross-posted from: https://lemmy.world/post/1303827

Current breakdown at the time of this post sorted by the number of monthly active users:

1. lemmy.world: 101,013 total users / 27,472 active users
2. lemmy.ml: 41,972 total users / 4,905 active users
3. beehaw.org: 12,270 total users / 4,178 active users
4. sh.itjust.works: 17,509 total users / 3,381 active users
5. feddit.de: 8,675 total users / 2,935 active users
6. lemm.ee: 10,348 total users / 2,751 active users
7. lemmynsfw.com: 22,967 total users / 2,310 active users
8. lemmy.fmhy.ml: 8,777 total users / 1,704 active users
9. lemmy.ca: 5,072 total users / 1,656 active users
10. programming.dev: 5,058 total users / 1,242 active users

Source: https://the-federation.info/platform/73

cross-posted from: https://lemmy.federate.cc/post/4824

Just thought I'd share this since it's working for me at my home instance of federate.cc, even though it's not documented in the Lemmy hosting guide.

The image server used by Lemmy, pict-rs, recently added support for object storage like Amazon S3, instead of serving images directly off the disk. This is potentially interesting to you because object storage is orders of magnitude cheaper than disk storage with a VM.

By way of example, I'm hosting my setup on Vultr, but this applies to say Digital Ocean or AWS as well. Going from a 50GB to a 100GB VM instance on Vultr will take you from $12 to $24/month. Up to 180GB, $48/month. Of course these include CPU and RAM step-ups too, but I'm focusing only on disk space for now.

Vultr's object storage by comparison is $5/month for 1TB of storage and includes a separate 1TB of bandwidth that doesn't count against your main VM, plus this content is served off of Vultr's CDN instead of your instance, meaning even less CPU load for you.

This is pretty easy to do. What we'll be doing is diverging slightly from the official Lemmy ansible setup to add some different environment variables to pict-rs.

After step 5, before running the ansible playbook, we're going to modify the ansible template slightly:

cd templates/

cp docker-compose.yml docker-compose.yml.original

Now we're going to edit the docker-compose.yml with your favourite text editor, personally I like micro but vim, emacs, nano or whatever will do..

favourite-editor docker-compose.yml

Down around line 67 begins the section for pictrs, you'll notice under the environment section there are a bunch of things that the Lemmy guys predefined. We're going to add some here to take advantage of the new support for object storage in pict-rs 0.4+:

At the bottom of the environment section we'll add these new vars:

  - PICTRS__STORE__TYPE=object_storage
  - PICTRS__STORE__ENDPOINT=Your Object Store Endpoint
  - PICTRS__STORE__BUCKET_NAME=Your Bucket Name
  - PICTRS__STORE__REGION=Your Bucket Region
  - PICTRS__STORE__USE_PATH_STYLE=false
  - PICTRS__STORE__ACCESS_KEY=Your Access Key
  - PICTRS__STORE__SECRET_KEY=Your Secret Key

So your whole pictrs section looks something like this: https://pastebin.com/X1dP1jew

The actual bucket name, region, access key and secret key will come from your provider. If you're using Vultr like me then they are under the details after you've created your object store, under Overview -> S3 Credentials. On Vultr your endpoint will be something like sjc1.vultrobjects.com, and your region is the domain prefix, so in this case sjc1.

Now you can install as usual. If you have an existing instance already deployed, there is an additional migration command you have to run to move your on-disk images into the object storage.

You're now good to go and things should pretty much behave like before, except pict-rs will be saving images to your designated cloud/object store, and when serving images it will instead redirect clients to pull directly from the object store, saving you a lot of storage, cpu use and bandwidth, and therefore money.

Hope this helps someone, I am not an expert in either Lemmy administration nor Linux sysadmin stuff, but I can say I've done this on my own instance at federate.cc and so far I can't see any ill effects.

Happy Lemmy-ing!

cross-posted from: https://lemmy.world/post/1299831

Hi all,

If you're just now signing in for the first time in 12+ hours, you may just now be finding out that Lemmy World and other instances where hijacked. The hijackers had the full abilities of hijacked user, mod, and admin accounts. At this time, I am only aware of instance defacing and URL redirections to have been done by the hijackers.

If you were not forced to sign back in this morning, contact your instance admin to verify mitigations were completed on your instance.

How?

This occurred due to an XSS attack in the recently added custom emojis. Instance admins should follow the issue tracker on the LemmyNet GitHub, as well as the Matrix Chat. Post-Incident Activity is still on-going.

Currently, it is likely that just your session cookie was stolen, with instance admins being targeted specifically by checking for navAdmin, an HTML element only instance admins had. I do not believe this to affect users across instances, but I have yet to confirm this.

What happens next?

As I am not the developers or affected instance admins, I cannot make any guarantees. However, here is what you'll likely see:

1. Post Incident investigation continues. This will include inspecting code, posts, websites, and more used by the hijackers. An official incident writeup may occur. You should expect the following from that report:

• Exactly what happened, when.
• The incident response that occurred from instance admins
• Information that might have helped resolve the issue sooner
• Any issues that prevented successful resolution
• What should have been done differently by admins
• What should be improved by developers
• What can be used to identify the next attack
• What tools are needed to identify that information

2. A CVE is created. This is an official alert of the issue, and notifies security experts (and enthusiasts), even those not using lemmy, about the issue.

3. A code security audit is done. This will likely just be casual reviews by technical lemmy users. However, I will be reaching out to the Mozilla Foundation and Cure53 as they recently did an audit of Mastodon. If there is interest in an external audit of lemmy and the costs are affordable, I'll look into crowdfunding this cost.

Last night we moved the last of our stuff out of the basement....

We're hosted in a colo data center now!

Also updated to v0.18.2-rc1 to address the issues with cross site scripting that impacted lemmy.world and others last night.

Lemmit bot is off, not planning on turning that back on at this time.

Next on list:

• Finishing up some SSO/authentication that'll make giving admin access to different server services, apps, whatever possible in a manageable way.
• Complete paperwork/financial/tax/blahblahblah stuff

cross-posted from: https://lemmy.world/post/1060913

cross-posted from: https://lemmy.world/post/1032247

Finally tried the official Reddit app. It's as bad as they say.

Hey everybody!

The BeyondCombustion.net server will go offline for a bit at some point tonight/this weekend so I can migrate everything to the server in the data center and make DNS changes.

Hopefully not more than a couple hours, DNS changes can be….. fun.

My Ray-Ban case makes for a nice Firewood hardcase. It's claps closed but I throw a heavy rubber band around it so it stays shut. I have bunch of stuff riding around in my pack. falling while biking or skating is not uncommon. It's nice peace of mind.

cross-posted from: https://lemmy.world/post/1063439

https://mastodon.moule.world/@MOULE/110586193055950459

My first instinct is to block that garbage from federating with this server because, fuck the zuck.

cross-posted from: https://lemmy.world/post/1033696

We'll get there

But I forgot the gateway/firewall/router and had to drive back home (not as close as I’d originally hoped).

ooof.

Heading back to the data center again, hopefully didn’t forget anything else. 🤦‍♂️

cross-posted from: https://lemmy.world/post/1023609

Pornhub has shut off access in Mississippi and Virginia to protest age verification laws that can involve checking government IDs. It previously blocked access in Utah.

cross-posted from: https://lemmy.world/post/1027821

Add it all up, and the social web is changing in three crucial ways: It’s going from public to private; it’s shifting from growth and engagement, which broadly involves building good products that people like, to increasing revenue no matter the tradeoff; and it’s turning into an entertainment business. It turns out there’s no money in connecting people to each other, but there’s a fortune in putting ads between vertically scrolling videos that lots of people watch. So the “social media” era is giving way to the “media with a comments section” era, and everything is an entertainment platform now. Or, I guess, trying to do payments. Sometimes both. It gets weird.

As far as how humans connect to one another, what’s next appears to be group chats and private messaging and forums, returning back to a time when we mostly just talked to the people we know. Maybe that’s a better, less problematic way to live life. Maybe feed and algorithms and the “global town square” were a bad idea. But I find myself desperately looking for new places that feel like everyone’s there. The place where I can simultaneously hear about NBA rumors and cool new AI apps, where I can chat with my friends and coworkers and Nicki Minaj. For a while, there were a few platforms that felt like they had everybody together, hanging out in a single space. Now there are none.

I’d love to follow that up with, “and here’s the new thing coming next!” But I’m not sure there is one. There’s simply no place left on the internet that feels like a good, healthy, worthwhile place to hang out. It’s not just that there’s no sufficiently popular place; I actually think enough people are looking for a new home on the internet that engineering the network effects wouldn’t be that hard. It’s just that the platform doesn’t exist. It’s not LinkedIn or Tumblr, it’s not upstarts like Post or Vero or Spoutable or Hive Social. It’s definitely not Clubhouse or BeReal. It doesn’t exist.

Long-term, I’m bullish on “fediverse” apps like Mastodon and Bluesky, because I absolutely believe in the possibility of the social web, a decentralized universe powered by ActivityPub and other open protocols that bring us together without forcing us to live inside some company’s business model. Done right, these tools can be the right mix of “everybody’s here” and “you’re still in control.”

But the fediverse isn’t ready. Not by a long shot. The growth that Mastodon has seen thanks to a Twitter exodus has only exposed how hard it is to join the platform, and more importantly how hard it is to find anyone and anything else once you’re there. Lemmy, the go-to decentralized Reddit alternative, has been around since 2019 but has some big gaps in its feature offering and its privacy policies — the platform is absolutely not ready for an influx of angry Redditors. Neither is Kbin, which doesn’t even have mobile apps and cautions new users that it is “very early beta” software. Flipboard and Mozilla and Tumblr are all working on interesting stuff in this space, but without much to show so far. The upcoming Threads app from Instagram should immediately be the biggest and most powerful thing in this space, but I’m not exactly confident in Meta’s long-term interest in building a better social platform.

cross-posted from: https://lemmy.world/post/1022101

Lemmy.world grew from about 51k users when third-party reddit apps started to shut down to about 84.8k users at the time of this post.

Definitely felt some growing pains in the past few days, but it's great to see the platform more active now that things have become more stable.

So, welcome reddit expats!

cross-posted from: https://vlemmy.net/post/414849

Looks like the admin for kbin.lol has some pretty valid gripes with the current status of Kbin. I have to agree, you can tell the platform is not up to speed at all.

Kbin looks visually great but the backend just isn't there. Check out his statement, it's worth the read.

If you were subscribed to the vaporents channel on this server (or anything else that disappeared) you’ll need to rejoin the channel.

To bring over live posts from Reddit the bot wanted to create the community itself, so it needed to be removed so that could take place.

Looks like we’re cooking with gas now though

cross-posted from: https://lemmy.world/post/920949

Lemmy.world grew from around 51000 total users the moment 3rd party reddit apps started to shut down on June 30 to 71000 total users at the time of this post (July 1). That's a 40% growth in about 12 hours!

Welcome new reddit expats!

cross-posted from: https://lemmy.world/post/632941

From 3000 daily active users on June 1, 2023 to 47500 on June 26, 2023.

According to Lemmy's documentation, "An active user is someone who has posted or commented on our instance or community within the last given time frame."

Sources:

• https://lemmy.fediverse.observer/dailystats&days=30
• https://join-lemmy.org/docs/contributors/07-ranking-algo.html

---

EDIT: check out this link for a list of lemmy apps: https://lemmy.world/post/465785