Lemdit Official

Hey just an announcement. I can't code everything that comes around but if you have an idea, an existing project, or want to talk about something you're passionate about with federated apps like Lemmy or Mastodon: this is the sublemmy I opened. Fediverse is awesome but there are other apps out there too and even other protocols.

There has been a considerable increase in bot activity and malicious content posting on Lemmy recently.

Fortunately our little instance has been mostly spared so far, but I do worry that this may change at any moment.

In an effort to protect Lemdit and ensure its long term survival, we now require registration applications to be submitted by new users wanting to join us.

I've kept it short and authentic people will always be welcomed here, it just means that joining is not instantaneous anymore. I personally dislike registration applications, but I feel like protecting what we already have is more important than convenience and there aren't any better measures available yet.

Hopefully this will change as Lemmy evolves, I know the devs are working hard to find better solutions.

You may have noticed that our mascot has changed. As Lemdit grows into its identity, I wanted to find something a bit more original to represent it.

I hope you like our new octopus mascot!

Not sure where to post this exactly. But I made 2 communities here if you're interested.

https://lemdit.com/c/photoshopmythought

https://lemdit.com/c/captionthis

Are there any general chat communities on this in stance by chance?

• We have a great server host an admin
• It is cleaned up of morally & legally compromising posts to keep the server out of hot water.

Thanks for hosting us!

Making this post so we have a more positive greeting when you open the Lemmy app or land on the home page ;-)

A couple of days ago a newcomer started a new community called "Controversial ideas" and began posting content.

I originally took it at face value, however it quickly became apparent that the "controversial ideas" were all just different angles of trying to normalize relationships between adults and under-age teenagers, under the guise of pseudo-intellectual debate on age of consent laws, brain development, etc.

A bit of digging made it clear that this was an individual with an agenda. He had started similar communities on several other instances using different usernames, all with the same objective and approach. His multitude of other social media accounts told a similar story and included real hot takes such as this one:

This individual has been banned and the community removed.

I don't know how much clearer I can make it that this kind of shit isn't and will never be tolerated here.

Seeing as this was the second pedophile that tried to set up shop here in the past month, I've become a bit concerned that there may be something about our previous mascot that is giving off the wrong impression. Maybe the mouse is too childish? Maybe it looks too young? I really don't know, but I've decided to change it just in case.

Our new mascot is much more aggressive, hopefully it sends the right message. I welcome your feedback on it.

This post keeps track of all instances that Lemdit is no longer federated with and the reason why they were blocked.

The Lemdit ethos sets out our stance on federation, notably:

Defederating from other instances is an absolute last resort and we will only do so under the following circumstances:

• If their content has the potential to get us into legal trouble
• If they are acting as an attack vector towards us

10 July 2023

burggit.moe / lemmy.burger.rodeo - Defederated due to legal concerns. They host loli porn (cartoon porn depicting underage characters).

01 August 2023

lemmy.comfysnug.space - Defederated due to legal concerns. They host loli porn (cartoon porn depicting underage characters).

08 August 2023

detroitriotcity.com - Defederated due to legal concerns. I don't even know where to start with this one, they appear to host a suite of things that are illegal, among which loli porn (cartoon porn depicting underage characters).

Defederation explained

All Fediverse instances talk to each other. When you search for a community, for example, you will get results from any instance that has a community that matches your search terms.

If you subscribe to a community from another instance, then all content posted to that community will automatically be "federated" (shared) with our instance. In practical terms, this means our server downloads and stores a copy of that content so that it can display it to you and everybody else on our instance. This is the content you see when you click on "All" from the menu at the top:

To "defederate" is to ban an instance from sharing content with us. This means that when you search for content, you will not get any results from them. There is no ability to subscribe to their communities and anything they post on their instance will not be shared with our server.

I consider this to be an extreme measure, which is why we reserve it for servers that purposefully allow content that is illegal in our country of jurisdiction (New Zealand). Not doing so would put us at risk, since our server can potentially store a copy of content that is illegal.

Lemmy 0.18.4 was released today and Lemdit has been updated to it.

You may have noticed a 5 minute outage earlier while this was happening.

This release is mostly a bug fix, which is welcomed news. You can find the full release notes here: https://github.com/LemmyNet/lemmy/blob/main/RELEASES.md

As always, please let me know if you encounter any weird behavior.

An alternative web client for Lemmy with the UI of Xylo

The Lemdit Photon instance can be accessed at https://p.lemdit.com

You can find more info on Photon here: https://github.com/Xyphyn/photon

I like keeping across what is happening with other Lemmy instances so lestat.org was born out of this curiosity.

It's similar to lemmy-status.org but with a few notable differences:

• Lestat is running Uptime Kuma
• Lestat monitors all instances listed on join-lemmy.org
• Lestat has a public Discord server where it automatically feeds notifications: https://discord.gg/R8zY7fM5Z8

Criteria for adding instances to Lestat

I will add any instance to Lestat based on these prerequisites:

• The instance is listed on join-lemmy.org
• The instance doesn't host anything illegal in New Zealand

Notification service for admins

If you are an instance admin and want to get automatic e-mail notifications from Lestat when your instance goes down, message me and I will set this up for you.

I hope you find Lestat useful!

It was brought to my attention that lemmy.comfysnug.space also hosts "loli porn". This content is illegal in New Zealand as well as many other countries.

Needless to say they have been defederated and all their communities purged from our server.

I'm mostly posting this in the spirit of transparency as I don't think this affects anyone here.

Please let me know if you do come across another similar instance, there are simply too many of them out there for me to check proactively.

I sincerely hope that this was the last of them, but if there are more, I also don't think it's worth me making an announcement every time we defederate one. I may instead create a generic defederation post where we keep tabs on who we defederated and why, but I welcome your feedback.

As a reminder, the Lemdit ethos sets out our stance on federation, notably:

Defederating from other instances is an absolute last resort and we will only do so under the following circumstances:

• If their content has the potential to get us into legal trouble
• If they are acting as an attack vector towards us

Alexandrite is a beautiful desktop-first alternative web UI for Lemmy.

The Lemdit Alexandrite instance can be accessed at https://a.lemdit.com

You can find more info on Alexandrite here: https://github.com/sheodox/alexandrite

You may have noticed that Lemdit was down for about 2 hours earlier (if you did notice, then I hope the status page kept you informed).

Below is a summary of what was done:

• Host software updates (some things required a restart).
• Host hardware upgrades - larger SSD installed and Lemdit migrated to it. This was not done out of necessity, but for future proofing.
• VM image back-ups - this is a separate activity to the nightly DB backups
• Lemmy upgraded to 0.18.3 - this version comes with significant DB improvements and required a DB migration.

Overall it took longer than I hoped it would, but I think it was all worthwhile.

Please let me know if you notice any weird behavior from Lemdit.

We had an outage, Lemdit fell over while I was asleep so bad timing. It looks like it was down for about 4 hours.

I'll look into what caused it, I have a script that tries to automatically recover Lemdit from the usual crash, but something else happened here.

Anyway if you tried to access it and couldn't - sorry! It's back now.

Edit:

I believe this was caused by cache depleting all available RAM (impressive considering we've got 128 GB allocated). This isn't normally supposed to cause an issue as cache is meant to be cleared to make room for app usage, but in practice it can be problematic and it's likely what got everything to fall over.

I've got a cron job in place that will clear cache daily now so this won't happen again.

Here's a graph if you're curious, the outage occurred ~3:30AM, the drop you see is me restarting the VM:

A familiar desktop experience for Lemmy

The Lemdit Mlmym instance can be accessed at https://old.lemdit.com

You can find more info on Mlmym here: https://github.com/rystaf/mlmym

I'm curious to get your thoughts on Lemmy. What is your impression so far? Are you enjoying it? What would you like to see different?

If you're using Lemdit, then I'm really interested to get your feedback on what your experience is like. Is there anything we can improve? Any other suggestions or ideas?

We now have a Status page that monitors Lemdit services, as well as a backup Discord server:

• Status: https://status.lemdit.com/
• Discord: https://discord.gg/7Y2CgAEG5q

The purpose of these is to keep you informed on what is going on with Lemdit and give you a way to contact me should anything go wrong.

lemdit.com / *.lemdit.com will automatically redirect to the Status page in the following scenarios:

• Planned outage (server maintenance, updates, etc)
• Unplanned outage caused by software or hardware failure

lemdit.com / *.lemdit.com will be unreachable in the following scenarios:

• Unplanned outage caused by connectivity or prolonged power failure

I get automatically notified of any outage and will keep you up to date via the Status page and/or Discord.

The Status page also sends automatic notifications to the Discord server when services go down or when they recover.

If Lemdit has gone offline and I'm nowhere to be found for a few days (think vlemmy.net), then you can assume something happened to me.

Voyager is an Apollo-like open source web client for Lemmy. It’s a mobile-first app, but works great on desktop devices, too.

The Lemdit Voyager instance can be accessed at https://m.lemdit.com

As a webapp, Voyager is easy to install on your phone through your browser controls.

You can find more info on Voyager here: https://github.com/aeharding/voyager

It feels like I've been spamming these updates recently, but it has been an eventful week for Lemmy and it's worth being on the version that has the least holes in it.

Unless there is a compelling security concern or they fix the broken theme appearance, I'm going to start limiting these updates to once a week going forward.

I’m about to perform this update in the next 10 minutes, all things going well there should be no downtime/instability.

The DB is backed up, I’ll post an update here once everything’s done.

I’m about to perform this update in the next 10 minutes, all things going well there should be no downtime/instability.

Also updating to the latest pict-rs v0.4.0 release.

This is an important update as it addresses the Lemmy exploit found yesterday, as well as some other bugs.

The DB is backed up, I’ll post an update here once everything’s done.

As you know, the Lemdit ethos sets out our stance on federation, notably:

Defederating from other instances is an absolute last resort and we will only do so under the following circumstances:

• If their content has the potential to get us into legal trouble
• If they are acting as an attack vector towards us

burggit.moe is unfortunately the first instance whose content has the potential to get us into legal trouble, since they are "NSFW & Loli/Shota/Cub friendly". This type of cartoon child porn is illegal in New Zealand and many other countries.

I have become more aware of them in the wake of vlemmy.net going offline, since burggit.moe were the only instance that Vlemmy defederated before their disappearance a day later: https://lemm.ee/post/794588

To my knowledge burggit.moe is the only instance that supports this kind of content, so hopefully they will remain the exception. I hope you can understand my decision. Please let me know if you have any questions or concerns.

What happened?

A Lemmy exploit has been used in the wild earlier to attack several instances, among which lemmy.world:

• https://lemdit.com/post/44993
• https://lemdit.com/post/44963

What we did about it:

At the time it was believed that the exploit had something to do with the sidebar, so I temporarily restricted new applications and disabled the ability for users to create their own communities:

• https://lemdit.com/post/45241

We have meanwhile learned that this vulnerability is present on any instance that has custom emojis defined, and is exploitable everywhere Markdown is available (posts, comments, private messages, the sidebar, etc).

As of now there is no official patch for it, however a manual fix is described in this thread:

• https://github.com/LemmyNet/lemmy-ui/issues/1895

I have applied this fix to Lemdit to be safe, noting that we never had custom emojis enabled so we were never really at risk. 10 comments with the malicious code had federated to us (and were removed through my application of the fix), however you would've still been safe viewing these comments from Lemdit.

We're now back to having open registration and the ability for users to create communities without admin intervention.

What this means for you as a Lemdit member

I want to reassure you that we were not impacted by this exploit. As previously mentioned, the exploit was specifically linked to custom emojis and we never had those defined/enabled. Even though comments containing the malicious code would've federated to us, the code would not have worked here.

As a conscequence of applying the manual fix, all existing login sessions have been reset so you will have to log back into your Lemdit account.

I expect that a new Lemmy version will be released soon to properly address this vulnerability - I will be patching us to it as soon as it's available.

Let me know if you have any questions or concerns.