Sorry for the short post, I'm not able to make it nice with full context at the moment, but I want to quickly get this announcement out to prevent confusion:

Unfortunately, people are uploading child sexual abuse images on some instances (apparently as a form of attack against Lemmy). I am taking some steps to prevent such content from making it onto lemm.ee servers. As one preventative measure, I am disabling all image uploads on lemm.ee until further notice - this is to ensure that lemm.ee can not be used as gateway to spread CSAM into the network.

It will not possible to upload any new avatars or banners while this limit is in effect.

I'm really sorry for the disruption, it's a necessary trade-off for now until we figure out the way forward.

Hey folks

I have been receiving a lot of messages every single day about federation with hexbear. Some of our users are vehemently against it, others are in full support. The conversation does not seem to be dying down, rather, the volume of messages I receive about it seems to be increasing, so I am opening this public space where we can openly discuss the topic.

I am going to write a wall of text about my own thoughts on the situation, I’m sorry, but no tl;dr this time, and I ask anybody participating in this thread to first read through this post before commenting.

Before I go any further, I want to be clear that for anybody who participates here, it is required to focus on the quality of your posts. That means:

• Be kind to each other, even if you disagree
• Use arguments rather than calling people names
• Realize that this is a divisive topic, so your comments should be even more thoughtful than usual

With that out of the way, there are a few things I want to cover.

On defederation in general

First of all, I am a firm believer that defederation must be reserved only for cases where all other methods have failed. If defederation is used liberally, then a small group of malicious users can effectively completely shut down the federated network, by simply creating the type of drama between instances which would inevitably result in defederation. In my view, federation is the biggest strength of Lemmy compared to any centralized discussion forum, so naturally I think maintaining federation by default is an important goal in general.

I am also a believer in the value of deplatforming hateful content, but I think defederation is not the best way to do this. Banning individual users, banning communities and establishing a culture of mutual support between mods and admins of different instances should be the first line of defense against such content. There are some further steps that can be taken before defederation as well, but these are not really documented anywhere (in order to prevent circumvention). The point is: for myself, defederation is the absolute last resort, only to be used when it is completely clear that other methods are ineffective.

Finally, I am wary of creating a false expectation among lemm.ee users that lemm.ee admins endorse all users and communities and content on instances we are federated with. Here at lemm.ee, we use a blocklist for federation, which means our default apporach is to federate with all new instances. We do not have the resources (manpower, skills and knowledge) necessary to pass judgement on all instances which exist out there, as a result, users on lemm.ee are expected to curate their own content to quite a high degree. In addition to downvoting and/or reporting as necessary, individual lemm.ee users are also able to block specific users and communities, and the ability to block entire instances is coming very soon as well.

Having said all that, in a situation where all other methods do indeed fail, defederation is not out of the question. Making such a call is up to the discretion of lemm.ee admins, and doing it as a last resort is completely in line with our federation policy.

Regarding hexbear

Hexbear is an established Lemmy instance, focused on many flavors of leftism. They have quite a large userbase who are very active on Lemmy (often so active that they leave the impression brigading all popular Lemmy posts). One important thing to note is that while some forms of bigotry seem to be quite accepted by many hexbear users (but seemingly not by mods - more on that below), they at least are very protective of LGBT rights (and yes, I am quite certain that they are not just pretending to do this, as many users seem to believe). Additionally, while I have noticed quite high quality posts from hexbear users, there are also several users there who seem to really enjoy trolling and baiting (very reminiscent of 4chan-type “for the lulz” posting), and it’s important to note that this kind of posting is in general allowed on hexbear itself.

The reason this whole topic is important to so many people right now (despite hexbear being a relatively old instance), is that hexbear only recently enabled federation. A combination of their volume of posts, their strong convictions, the excitement about federation, and the aforementioned trolling has made them very visible to almost all Lemmy users, and this has sparked discussions about the value of federation with hexbear on a lot of Lemmy instances.

My own experience with hexbear

I want to write down my own experience with interacting with hexbear users, mods, and admins over the past few days. I believe this experience will highlight why I am hesitant to advocate for immediate full defederation from hexbear at this point in time, and am for now still more in favor of taking action on a more individual user basis. Please read and see how you feel about the situation afterwards.

Background

My first real contact with hexbear users was in the comments section of a post in this meta community requesting defederation from hexbear by @[email protected]. That post is now locked, because several hexbear users very quickly started doing the aforementioned “for the lulz” type spamming of meme images in the comments (these are actually just emojis, but they are rendered as full-size images on all instances other than the source instance, due to a current Lemmy bug).

I did not want to take further actions in that thread in general (for archival purposes), but I did take one action, which in retrospect was a mistake: I removed a comment which contained the hammer and sickle symbol. I ignorantly associated this symbolism with Kremlin propaganda, and the atrocities my own people suffered at the hands of the soviet union during the previous century. Many users (including hexbear users) correctly (and politely) pointed out to me in DMs that the symbol has a much broader use than just as the symbol of the USSR, and people elsewhere in the world may not associate it with the USSR at all. I am grateful for users who pointed this out to me without resorting to personal attacks.

Let me be clear here: while I do not have anything against leftism or communist ideas in general (in fact in today’s world, I think discussion of such ideas is quite necessary), Kremlin propaganda has no place on lemm.ee. Any dehumanizing talking points of the Kremlin on lemm.ee are treated as any other bigotry, and if communist symbolism is used in context of Kremlin propaganda (that is the context in which I have been exposed to it throughout my whole life), then it will still be removed. But there is no blanket ban on communist symbolism in general on lemm.ee, and discussing and advocating for leftist and communist topics (as distinct from the imperialist and dehumanizing policies of the Kremlin) is certainly allowed on lemm.ee.

Hexbear user response

Coming back to the events of the past few days: soon after my removal of the comment containing the symbol from the meta thread, two posts popped up on hexbear. One was focused on insulting and spreading lies about me personally. Another was focused on diminishing the horrors of the soviet occupation in my country. In the comments under both of these posts (and in a few other threads on hexbear), I noticed some seriously disturbing bigotry against my people. There were comments which reflected the anti-Estonian propaganda of the current Russian state, things like:

• Suggesting that my people has no right to exist
• Stating that my people (and other Baltic nations) are subhuman
• Claiming that anybody critical of both nazi and soviet occupations is themselves a nazi and a holocaust denier

I expect to hear such statements from the Russian state - here in Estonia, we are subjected to this and other kinds of bigotry constantly from Russian media - but to see it spread openly in non-Russian channels is extremely disturbing. Such bigotry is completely against lemm.ee rules in general. Additionally, my identity is public information, because I feel it’s important for the integrity of lemm.ee that I don’t hide behind anonymity. Considering this, I’m sure you can understand why I am very worried about my own safety when people leave comments in many unrelated threads (where my original posts are not even visible), baselessly calling me a nazi and a holocaust denier.

Note that the goal of this post is not to start a new debate in the comments about the the repressions of the soviet union in Estonia or other occupied territories, but if the topic interests any users, I can recommend the 2006 documentary The Singing Revolution (imdb). The trailer is a bit cheesy, but the actual film contains lots of historical footage from the soviet occupation, and also many interviews with people who experienced it, who share stories which are deeply familiar to all Estonians. If anybody is interested in further discussion, then I suggest making a post about it in the Estonian community here: [email protected].

Hexbear admin response

After the above events had played out, I reached out to hexbear admins for clarification on their moderation policies and how they handle such cases. I was actually very happy with their response:

1. They immediately removed the personal attacks and dehumanizing comments containing Kremlin propaganda from Hexbear, and assured me that such content is always handled by mods
2. They told me that while there are all kinds of leftists on hexbear, Russian disinformation is generally either refuted in comments or removed by mods
3. They implemented some additional rules on hexbear to try and reduce the trolling experienced by many other instances, including ours: https://hexbear.net/post/352119

My personal take-aways

Let me play the devil’s advocate here and employ some “self-whataboutism”: among all users that have been banned on lemm.ee for bigotry, the majority were actually not users from other instances, and in fact people with lemm.ee accounts. If we judge any larger instance only by bigoted posts that some of its users make, then we might as well declare all instances as cesspools and close down Lemmy completely. I believe it’s far more useful to judge instances based on moderation in response to such content. Just as we remove bigoted content from lemm.ee, I have also witnessed bigoted content being removed from hexbear.

At the same time, I am aware of some internal conflict between hexbear users over the more strict moderation they are now starting to employ, and I am definitely keeping an eye on that situation and how admins handle it.

I am also still quite worried about the amount of distinct users on hexbear who have posted Kremlin propaganda. I so far don't have reason to believe that these users are employed by the Russian state, but the fact that they are spreading the same hateful content which can be seen on Russian television seems problematic to say the least, and it remains to be seen if moderators can truly keep up with such content.

Where thing stand right now

I am not convinced that we are currently at a point where the “last resort” of defederation is necessary. This is based on the presumption that our moderation workload at lemm.ee will not get out of hand just due to users from that particular instance. My current expectation is that as the excitement of federation calms down (and as new rules on hexbear go into effect), the currently relatively high volume of low effort trolling will be replaced by more thoughtful posts. If this is not the case then we will certainly need to re-evaluate things.

Additionally, nothing is changing about our own rules regarding bigotry. Especially relevant in the context of Kremlin propaganda, I want to say that dehumanizing anybody is not allowed on lemm.ee (hopefully I do not have to spell it out, but this of course includes Ukrainians, LGBT folks, and others that the Kremlin despises), and action will be taken against any users who do this, regardless of what instance they are posting from.

Finally, I am very interested to hear thoughts and responses from our own users. I am super grateful to anybody who actually took the time to read through this massive dump of my own thoughts, and I am very interested to get a proper understanding of how our users feel about what I’ve written here. Please share any thoughts in the comments.

Hey all!

I promised to write an update about our current financial situation. This post will list all the incomes and expenses for the past few months up until today. I will also try to give some estimates on future expenses.

Let's start with expenses

June

• 14.12€ - Outgoing e-mails
• 222.28€ - Cloudflare Pro (1 year subscription, paid upfront)

July

• 94.32€ - Server infrastructure for June
• 22.06€ - Outgoing e-mails

August

• 280.70€ - Server infrastructure for July
• 13.84 - Outgoing e-mails

Total expenses so far: 647.32€

Next up: income

June

• 500€ - initial contribution by myself

July

• 174.66€ - Ko-Fi donations for June

August

• 247.64€ - Ko-Fi donations for July
• 1358.95€ - GitHub sponsorships for June, July and August (pending until the 22nd)

Total income so far: 922.30€ + 1358.95€ (pending)

Current balance: 274.98€ (cleared) + 1358.95€ (pending)

One more note regarding the donations: the bulk of the donation income is actually from early July. Initially in July, the split between one time and recurring donations was roughly 50%-50%, but at this point in August, most (over 90%) of income is generated by recurring donations.

Let me also try to answer a few potential questions:

Why is the GitHub sponsorship income pending?

I opened GitHub sponsorships in June. GitHub has a policy to initially hold all funds for a 60-day probation period to prevent abuse, so they have been holding all sponsorships for the past few months. As of today, we have passed the 60-day period, and I can see an update in my dashboard which says that all accumulated funds will be released on the 22nd (and any future funds will be paid out monthly after that).

Will infrastructure costs keep increasing?

I don't want to jinx it, but in fact I believe we have managed to stabilize costs for now. I expect August costs to be more or less similar to July. I don't have an exact figure here, because I am constantly scaling resources up to respond to spikes in traffic, and scaling down whenever I am able to optimize any slow parts of Lemmy. But on average I believe we won't be using more resources in August than we did in July.

By the way, quick side note here: many developers have submitted several great optimization patches to Lemmy over the summer, and without this, it would be almost impossible to run Lemmy at its current scale. I'm 100% sure that if the whole network downgraded to 0.17.4 today, the network would just collapse. Having said that, there is still a long way to go with optimizations, with many known issues that still need to be solved.

How long will our current funds last us?

Assuming we don't need to massively scale up servers any time soon, our current buffer will last us at least until the end of 2023, if not longer.

I want to give a huge thanks to all sponsors and donors - as you can see from the numbers, you are having a huge effect on the financial viability of lemm.ee!

We have certainly scaled past a point where I could financially support lemm.ee just on my own, so all lemm.ee users truly owe their gratitude to all sponsors for covering the costs of this platform.

As always, if anybody has any further questions or comments, please let me know!

Hey folks!

It's time for some lemm.ee updates! Feel free to skip ahead to whichever sections seem interesting to you.

New bot rules

The reception to my previous meta post was very positive, so we are going ahead with the new bot rules on lemm.ee. The new rules have been added to our front page sidebar and will be enforced by admins starting on the 1st of August.

The final version of the rules look like this:

• All bot accounts must be explicitly marked as bots
• Bots must not vote on any posts or comments
• Bots must disclose their specified purpose in their profile
• Bots must not be responsible for the majority of content in any community

The goal for now is to limit bots to a support role. In other words, we have nothing against bots which are used to support running a community for real people, but we do not currently want to host communities which are completely filled with bot content on lemm.ee.

It's definitely true that bot-only communities might provide valuable content, but we need to balance this value with how bots affect our feeds. If in the future the volume of organic user-created content on lemm.ee increases to a point where bots can't easily overwhelm the local feeds, then we may reconsider the last rule.

I apologize again to any bot developers who have chosen lemm.ee as the home for your bot-driven communities, I hope you can find another instance without too much trouble.

0.18.3 update

Last week, lemm.ee was updated to Lemmy version 0.18.3. We were previously already running a patched version of 0.18.2 which included many of the performance improvements that landed in .3, so the upgrade did not have as much of an effect on lemm.ee as it probably did on many other instances.

In any case, we are now again running on a completely unmodified version of Lemmy, and will continue to do so until there are performance or security reasons to run a custom patch again.

lemm.ee stance on hosting alternate Lemmy frontends

In the past few months, a lot of alternate web UIs for Lemmy have started cropping up. I've checked out a few of these and I think a few look really cool!

While such frontends generally provide ways to use them without being directly hosted on any specific instance, some instances have begun hosting such frontends on their own servers as well. I've also received a few dozen requests to host such frontends directly on lemm.ee. I would like to address these requests directly here.

For the time being, I am not planning to host any other frontends than the default lemmy-ui on lemm.ee. There are several reasons for this.

I am personally familiar with lemmy-ui code (to a reasonable extent). I know what it's doing overall, I know several of its pitfalls and I am able to quickly react in case of issues. As just one example, lemm.ee was the first instance in the world which fixed the weak script-src CSP in lemmy-ui that enabled the recent login session breach on some other instances - this is because I deployed the code on lemm.ee before I submitted a PR to the lemmy-ui repo with the fix.

The above would not be true for alternative frontends. I don't have the capacity to go through the implementation details of additional projects at the moment, so I have no idea what the code would be doing in any third party UI. I have no way to guarantee that it's not malicious to begin with. Even if the code is not malicious, I would not be able to quickly apply patches if problems crop up.

As a result of all this, I am not comfortable with hosting these third party frontends on lemm.ee for now. Note that this does not mean you're not able to use such frontends with lemm.ee - all the ones I've checked will work perfectly fine without being hosted on the same domain as the instance itself. But as with any 3rd party app, please be careful when using these frontends - by doing so, you are effectively sharing your username and password with anybody who is developing and hosting them.

Personal note

Some of you may have noticed that I have been a bit less active in the several Lemmy-related communication channels & GitHub for the past week or so. The reason for this is that I've had two stressful things happen: earlier this month, I found extensive water damage in my house which is not covered by insurance. Even worse, shortly after this discovery, I received news that my current place of work, a startup, is shutting down at the end of August (mostly due to changed market conditions).

As a result, I've been spending a fair bit of time trying to deal with the renovation of my house & now am also spending additional time trying to figure out where I can land in terms of employment in order to keep putting food on the table. Nevertheless, I am hoping to get back to more Lemmy contributions soon.

Sorry to use this space for selfish purposes, but I would like to take this chance to note that if anybody is looking for a remote software engineer, I am currently open to new opportunities! Just as a short overview about myself:

• I've been working as a software engineer for over a decade, about 5 years in technical leadership roles
• I have experience with end to end ownership of software platforms - everything from writing code to running it in production
• I'm based in the EU but happy to work in either EU or US timezones
• For the past few years, my main tech stack has been TypeScript (nodejs/react) + Postgres + Terraform, but I have extensive experience with a lot of other technologies and generally am quite adaptable
• I have experience running platforms at considerably bigger scale than Lemmy

I would of course happily go into much more details if you contact me directly, so if this is interesting to anybody then please feel free to reach out!

Also, please let me assure anybody who is worried: lemm.ee funding is not currently in jeopardy. For the next couple of months, lemm.ee is not even dependant on a single cent of my own financial contributions, as community support has provided enough money already to give us a nice buffer. I am planning to write a summary of our financials in the next few weeks, please keep an eye on the meta community if you're interested in seeing this!

That's all for now, thanks to anybody who has made it this far! As always, please feel free to leave comments below if you have any thoughts or questions.

Tallinnasse sõites peaks vist päästevesti kaasa võtma?

Hey folks!

Bots on lemm.ee

There has been some discussion lately regarding bot accounts on lemm.ee. Many users have noticed that some of our feeds are dominated by bot posts. These bot posts are not super engaging - they generally don't generate any discussions. The most problematic bots are the ones which just repost large amounts of content from elsewhere.

I have looked over a lot of user feedback on this issue, and also discussed the matter with other lemm.ee admins. We feel that at this time, repost bots are not healthy for lemm.ee, so we are introducing some new rules to limit such bots.

To be clear, I have nothing against users who want to use bots to just help organize and run their communities. The problem is specifically with communities which are not just supported by bots, but actually overwhelmingly run by bots.

Proposed new rules for bots

The rules we are considering are as follows:

• All bot accounts must be explicitly marked as bots (can be done through the API or on the user settings page)
• Bots are not allowed to vote on any posts or comments
• Bots should disclose their specified purpose in their profile description
• Bots should not have a disruptive influence on a community
• Bots should not be responsible for the majority of content in any community

If you are a bot developer and you can already tell that your bot would be in violation of some of these rules, then I am very sorry to inconvenience you, but I would ask to please choose (or consider hosting!) another Lemmy instance for your bot.

These rules are not in effect yet, but if reception is positive, then we will start enforcing these rules from the 1st of August!

Please share your feedback, both negative and positive, in the comments below!

Lemmy programming stream

For some unfortunate personal reasons, I will be having some extra free time in August. A silver lining to this is that I will most likely be able to use some of this free time to increase my contributions to Lemmy!

I've had an idea for a while that a programming stream focused on Lemmy might help to bring in additional new contributors and generate additional interest in Lemmy, so today, I am planning to do an experimental programming stream, where I will first try to learn about, and then improve, the 2fa logic which is currently implemented in Lemmy.

Some caveats:

• I am not a streamer or an entertainer, so this might be an extremely boring stream
• I am not some amazing superstar programmer, so I might make dumb mistakes or miss obvious things, please don't hold that against me 😅

If this sounds interesting to you, I am planning to do a 1 hour stream starting right now at https://twitch.tv/sunaurus. Feel free to jump in! If it's not a massive failure, then I will also upload a recording later on. Edit: Stream is over, thanks to all who tuned in!

Pildid, mis meediast läbi on käinud, on väga uhked, aga ma ei suuda küll ette kujutada, et reaalselt midagi sellist Tartu kesklinna tekiks 😃

Hey folks!

I have deployed an unreleased Lemmy optimization on lemm.ee which significantly speeds up the query for loading posts.

So far, all seems good, but if you notice any issues with any of the post feeds, please let me know!

For more context:

Over the past few days, I have noticed a serious degradation for front page load times for some users. I have been trying different optimizations without much success, until I found an idea by @[email protected] to make a relatively small change to the database query for loading posts.

I implemented this idea and made a PR to Lemmy, you can check my PR here: https://github.com/LemmyNet/lemmy/pull/3653. Initial results seem amazing, my personal subscribed feed now loads extremely quickly, and I'm seeing from monitoring that load times should be improved for other lemm.ee users as well!

Hey folks!

I think I usually write too much, so I will try to keep it short and sweet this time.

Discord

I have created an official Discord server for lemm.ee! This is mostly intended as a back-up channel to share announcements with users - for example, if there is ever an incident and lemm.ee is offline, I can send updates about the situation in Discord. But feel free to join if you just want to chat with other lemm.ee users as well!

You can join the Discord at this link: https://discord.gg/XM9nZwUn9K

New admins

Two new admins have been added to the team! @Matt_[email protected] and @[email protected] have stepped up and volunteered to help me take care of the report queue. I think having good admins is super important to ensure a pleasant experience for all users, so I'm super happy that we have users who were willing to share this responsibility with me.

My hope is that adding a few more admins has helped ensure that I am less of a single point of failure for lemm.ee now. I am still considering maybe adding one or two more admins in the near future, but in terms of actual workload, I think the current team is already a pretty good size.

Anyway, that's all I have for you for now - please join the Discord if that's something you're interested in, and please welcome our new admins!

Edit: @[email protected] has been added as an admin as well!

For now, I believe this is a good size for the team, we won't be adding any more admins in the near future. A big thanks to all who responded to the call for admins!

I think for a while leading up to the recent session stealing hack, there has been a massive amount of positivity from Lemmy users around all kinds of new Lemmy apps, frontends, and tools that have been popping up lately.

Positivity is great, but please be aware that basically all of these things work by asking for complete access to your account. When you enter your Lemmy password into any third party tool, they are not just getting access to your session (which is what was stolen from some users during the recent hack), they also get the ability to generate more sessions in the future without your knowledge. This means that even if an admin resets all sessions and kicks all users out, anybody with your password can of course still take over your account!

This isn't to say that any current Lemmy app developers are for sure out to get you, but at this point, it's quite clear that there are malicious folks out there. Creating a Lemmy app seems like a completely easy vector to attack users right now, considering how trusting everybody has been. So please be careful about what code you run on your devices, and who you trust with your credentials!