this post was submitted on 20 Jun 2023

157 points (96.4% liked)

Sysadmin

7647 readers

1 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
[email protected]
[email protected]
[email protected]
[email protected]

founded 1 year ago

MODERATORS

DarraignTheSane

00Lemming

L3s

157

Someone shouldn't be able to have the @admin username (lemmy.world)

submitted 1 year ago by Izzent to c/sysadmin

56 comments fedilink hide all child comments

It's confusing for new users, and this instance in particular has 7k users but no interactions. It's a bot army, with the top user being called @admin.

Extremely shady and misleading.

top 50 comments

sorted by: hot top controversial new old

[–] DarraignTheSane 19 points 1 year ago* (last edited 1 year ago) (2 children)

FYI, I'm not going to remove this post or anything (and I agree as well), but it's not likely to be seen by the right people here. /c/Sysadmin is just our community for discussing sysadmin things and I don't know how much /u/Ruud or any Lemmy devs hang out here.

You might try cross-posting it to these communities:
[email protected]
[email protected]
[email protected]
[email protected]

Of note, lemmy.ml is the server that is operated by the primary Lemmy devs.

[–] Izzent 6 points 1 year ago (1 children)

Oh wow, I didn't realize, sorry! Thought I was in the right place. I could still remove it if you think it's for the best?

[–] DarraignTheSane 4 points 1 year ago (1 children)

Nah, you've already got the post and some discussion going. As said, just make it easy on yourself and use the cross-post button to get it out to those communities where some Lemmy devs might get eyes on it. :)

[–] Izzent 3 points 1 year ago

Will do, and thanks for the heads-up :)

[–] BitOneZero 1 points 1 year ago (1 children)

[email protected] is supposed to be the community for Instance/server operators to communicate.

[–] DarraignTheSane 2 points 1 year ago (1 children)

Right, but neither OP nor myself are Lemmy server operators.

[–] BitOneZero 1 points 1 year ago* (last edited 1 year ago)

It isn't exclusive to operators, and frankly most of them are ignoring it. They are either meeting in chat rooms or what, but they don't seem to like to gather on Lemmy itself to discuss the issues.

[–] [email protected] 14 points 1 year ago (1 children)

There's a ticket to fix this on kbin which would allow each instance admin to block regular users from registering common names of authority: https://codeberg.org/Kbin/kbin-core/issues/359

[–] PutangInaMo 8 points 1 year ago

Damn I gotta go lock in a @potus username before it's too late

[–] t0m5k1 12 points 1 year ago

just wow. Should be reported in github to main lemmy repo

[–] breadsmasher 10 points 1 year ago (1 children)

Doesn’t this depend on each instance though?

[–] Izzent 7 points 1 year ago (2 children)

I think some form of blanket ban on certain keywords in usernames should be used. Admin being an obvious one, but I'm sure a lot more would also be problematic.

[–] breadsmasher 6 points 1 year ago (4 children)

I guess what I meant is, how? It could be put into Lemmy sourcecode but since its open source that could be easily removed.

Each instance could possibly try and autoban any other instance user with that name?

[–] Izzent 3 points 1 year ago (1 children)

I'll admit I'm not tech-savvy enough to know how to implement something like that. Maybe someone else has a good idea though?

[–] Cubes 2 points 1 year ago

I think they could put it in the Lemmy source code that an instance won't display or take comments/posts from anyone with those usernames. So even if someone removed that restriction from their own instance, they wouldn't be able to post on any other instance that has that feature enabled

[–] [email protected] 1 points 1 year ago* (last edited 1 year ago) (2 children)

The problem is, what if an instance actually has an admin with the @admin account?

[–] breadsmasher 1 points 1 year ago

Exactly! Its not easily solved

load more comments (1 replies)

[–] [email protected] 2 points 1 year ago

@Izzent @breadsmasher IRC solved this a while back with a series of Q:lines to make it more difficult to impersonate admins etc.

[–] A_A 8 points 1 year ago (1 children)

Let's not federate with that instance. Then, they can have any bots or username they want.

[–] Izzent 7 points 1 year ago (2 children)

Usually I'd agree, but there has to be something more that can be done to prevent others from putting keywords like that in their name. Otherwise it'll just happen again...

[–] Master 14 points 1 year ago* (last edited 1 year ago) (1 children)

I think admin, administrator and those type names (system administrator, sys admin etc) should be reserved but you shouldnt ban admin as being part of a name. What about sadmin / sadminute... or badmin / badminute (and every variantion of that like MadMinotaur )and other variants like that.

[–] [email protected] 4 points 1 year ago (1 children)

Or anything relating to badminton the sport

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

R.I.P. /m/badminton

[–] A_A 13 points 1 year ago (1 children)

for other instances it's name will appear as : @admin@Podycust ...so not such a big deal

[–] [email protected] 4 points 1 year ago (2 children)

Kbin doesn't display the instance someone is on unless you click on their username for some reason. It's not a great design choice for a federated platform.

[–] A_A 1 points 1 year ago (1 children)

Today I've learned (TiL) ! thanks 🙂
if original poster (OP) had posted there instead of in lemmy.world ... would have been better ... yet not a big deal 😌

[–] Izzent 4 points 1 year ago (1 children)

I don't use kbin so I couldn't have known, sorry.

[–] A_A 1 points 1 year ago (1 children)

You are right, I'm getting confused
... and I need a coffee 😋 !

[–] Izzent 2 points 1 year ago

+1 on that coffee!

[–] Interesting_Test_814 1 points 1 year ago

Conversely and interestingly, it seems Lemmy doesn't show the instance of people that are on Kbin, but it also doesn't show the @ before username for them so they're still distinguishable (for example you show up as just EatALime, while the one you're repling to shows as @A_A and someone on another instance like lemm.ee would show as @@lemm.ee.)

[–] average650 7 points 1 year ago

I think just banning them is enough. On other instances it will indicate they are on another instance.

[–] emptyother 4 points 1 year ago (3 children)

What if a persons real name is Admin in some weird language?

A bit far-fetched I know. Still, I think that if theres gonna be a global hardcoded blacklist of usernames, someone should be very careful which words is added to that list. Each specific instance would know better what words is good and what is bad in their main language(s).

[–] DarraignTheSane 6 points 1 year ago (1 children)

https://xkcd.com/327/

[–] [email protected] 3 points 1 year ago

Then that sucks for them

[–] [email protected] 3 points 1 year ago (1 children)

This makes me want to legally change my name to admin admin

[–] [email protected] 5 points 1 year ago

Admin Password

[–] [email protected] 2 points 1 year ago* (last edited 1 year ago)

Official instance admin and community mod roles are denoted with badges, though. That's consistent across every instance already.

I could change my name to admin or use my local instance @admin account and post here, but neither would give me any superpowers. Looking at my remote @admin user from a federated instance wouldn't badge me as an admin for that instance either.

I don't see the problem or see how that affects anyone. There can be an @john on every instance. Is that confusing for users, too? Should every instance coordinate and make sure there's only one @john to rule them all? Who is the best John, and how is that determined?

That's just how the fediverse works.

[–] [email protected] 1 points 1 year ago (1 children)

Ironically the link in OP is to the actual admin of this site

[–] Izzent 1 points 1 year ago* (last edited 1 year ago) (2 children)

I'm confused, there's no link in my post?

Edit: oh I see, the link doesn't get highlighted on the website. Idk, I just sent a screenshot because it looked like they had the admin username, but I guess that one redirects to the admin of kbin, so no clue.

[–] bappity 1 points 1 year ago* (last edited 1 year ago)

~~I think they meant to refer to the profile in the screenshot you sent~~ nvm someone else clarified

[–] [email protected] 1 points 1 year ago (4 children)

@admin works as a link in your post and links to the admin of Kbin

load more comments (4 replies)

[–] [email protected] 1 points 1 year ago (1 children)

Eh, why not? It's just a name.

[–] [email protected] 2 points 1 year ago

For those of us who understand how the platform works, it wouldn't be an issue. However, if we want mass adoption of the platform, we need to take into consideration those who don't fully understand the technology and avoid situations that will lead to scams where feasible. Names of authority, like admin, root, super, etc., make a user appear to have authority they don't, which can mislead new users. ("Support our server by sending bitcoin to this address that is really my personal wallet" type scams comes to mind.) You could say that it's the person's fault for falling for it, but it's something that would drive people away from the platform which can be easily avoided in the first place.

load more comments