this post was submitted on 17 Sep 2023
14 points (100.0% liked)

important instance shit

149 readers
1 users here now

founded 1 year ago
MODERATORS
 

in a thread complaining about the general state of lemmy, I read a comment where someone linked the alternative lemmy UI Photon. some general thoughts:

  • this shit looks like new.reddit, which I hate
  • however, it is extremely fast
  • it looks like someone with UX experience was at least in proximity to this at the time it was designed?
  • I don’t think there’s an easy CSS way to make this look less like new.reddit
  • having tried it on a test instance, the promise of better mod/admin tools seems ambitious currently, though maybe they’ll get there faster than lemmy-ui
  • overall, it feels a lot nicer to use than either lemmy-ui or new.reddit

you can hook Photon up to awful.systems using the Accounts option in the menu on the top right, though for opsec reasons I can’t encourage anyone to log in to this weird external site with their awful.systems credentials. check it out with the guest instance option (which doesn’t need a login) or use a disposable lemmy.ml account or something

what I want to know is: does anyone use this thing, and does anyone want it here? if there’s demand for it, I can spin up a secure copy of it for our instance under an alternate path. for me it’s a bit of a hard sell due to its resemblance to the reddit redesign, but lemmy’s UI is decoupled enough from its backend that running this thing shouldn’t impact much

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 5 points 1 year ago (1 children)

Using the network devtools, you can see that logging in sends the request directly to the instance, and does not send it through the server. The only proxying done is to upload images due to a CORS issue with Lemmy.

The client is open source, you can check it here: https://github.com/Xyphyn/photon

[–] [email protected] 4 points 1 year ago

I know your code isn’t malicious; in general I don’t recommend, write a Nix package for, and deploy malware. the threat model here is that the infrastructure that hosts phtn.app gets compromised by an external malicious actor, who then swaps your code out for a version that hijacks JWTs and steals credentials, which would be a big mess for me to clean up. given how many best practices around JWTs and security best practices the lemmy backend ignores (and of course none of this is a Photon problem, these are just the cards the backend has dealt us both), I prefer an ounce of paranoia over a security event that would be very hard to recover from