• 1 Post
  • 14 Comments
Joined 1 year ago
cake
Cake day: June 11th, 2023

help-circle




  • I don’t know anything specifically about KeePassXC but it’s my understanding that a transform round is some computationally expensive task that can be preformed as many times as desired, but must be preformed the same number of times to decrypt as well. The point being to slow down any attempts at brute forcing access to you database if someone gets a hold of your encrypted DB file. For example say it takes one second to derive the proper DB access key from the password you entered to unlock the app, that doesn’t really matter to you logging in as almost no one is going to notice a one second delay in logging in. But if some one else gets a hold of your encrypted password DB then they have to wait one second for every password they try, making brute forcing the DB file practically impossible given you’ve chosen an adequate password.

    Ideally you’d choose something which gives a delay not too inconvenient for you when logging in, but enough to thwart the person who might try and brute force the password even if they’re using more powerful hardware.



  • I didn’t notice any downtime of course as I would have been asleep at the time haha. I just wanted to jump in here and say that I really appreciate all the work you put into running this instance and maintaining it’s content. I know it is early days and the lemmy software isn’t super stable or easy to work with, not to mention the monetary aspect of the costs of the server time.

    I’m just happy there’s somewhere non-commercial I can go now to see my strange combination of yiff, news, and memes. I’m sure we can all tolerate a bit of downtime here and there, so try not to worry about it too much when it happens. We know you can’t be available 24/7 so some downtime is inevitable, try not to fret about it too much when it happens. And for goodness sake don’t overwork yourself and get the burnout, I’m pretty sure that’s happened to several of the larger instance admins so far, I’d hate to see you befallen the same fate.


  • Not universal but it’s the unfortunate reality that people obsess over stuff they don’t like as a form of internalized repression. They better be careful though, looking at so many furry images while downvoting they may eventually catch the pathOwOgen.

    It’s nice that you can get this information by querying the database directly but it would be nicer still if it was built into the admin or mod interface somehow. Although I imagine in order to compile that information you used some sort of DB aggregation which could be unexpectedly resource intensive on larger instances so perhaps not.

    I wonder how possible it would be to create some sort of plugin system for lemmy to add functionality like this and more that would only be of interest to particular lemmy instances. That could help to keep the core of the server small and lightweight while giving people the option developing and installing server resident bots, additional functionality, and user interface enhancements as they see fit.


  • I had a peek at the source code and although I don’t actually know Rust it looks like that error comes from a check for character length in the function “is_valid_body_field”. Strangely it does the same check twice against two variables “POST_BODY_MAX_LENGTH” and “BODY_MAX_LENGTH”.

    The smaller of the two is BODY_MAX_LENGTH which is set at 10000, so I assume the max character limit is 10,000. There are no other checks in that function other than the character count and that’s the only place in the source code that the text “invalid_body_field” shows up so I assume it’s only sent as a response to too much text, but as I said I don’t actually know Rust so I could be wrong.





  • Perhaps there should be a new default feed that only features posts from communities that ‘x’ number of users have a subscription to, with ‘x’ being scalable with userbase. Also the aggregate user’s community subscription count could be used to influence the sort order for that feed and bring more popular content closer to the top. Of course there will still be diverseness amongst users in even the smallest userbase, but maintaining a blacklist of communities against a feed curated by user subscriptions would surely be easier than maintaining a blacklist against the raw feed from other instances.

    One thing I worry about is finding new communities. If I understand correctly the federated feed only shows posts from communities that other users have previously searched for? If so that leaves new community discovery solely up to word of mouth or searching using external websites. Perhaps each lemmy instance could ask it’s peers for a list of their top subscribed communities from their instance by the users on that instance, and then start pulling posts from those top communities and adding them to the ‘all’ version of the federated feed. That should give existing and new users a (hopefully) mostly decent feed of the top communities from other instances to find content and communities from.


  • That’s an interesting idea. For each instance give users the ability to mark as spam comments/posts, then make it so each instance keeps track of what the ratio of spam vs not-spam is coming from peer instances and block any that exceed a certain ratio. It could easily be made automatic with manual intervention for edge cases.

    One issue I could see is that it could be used as a way of blacklisting smaller instances from larger instances by using bot accounts on the larger instances to mark the smaller instance’s legitimate traffic as spam. It would likely be necessary to implement a limit on how young/active an account can be to mark comments/posts as spam, as well as rate-limiting for situations where a given smaller community that is a subset of the larger one decides to dogpile on a smaller instance in an attempt to block them from the entire community.



  • Interesting about the pic rotation issue. There’s generally two ways that apps handle photo rotation, they either rewrite the file with the new arrangement of pixels or they mark a piece of metadata inside the file to indicate the true orientation. It looks like somewhere in the software chain that orientation metadata is not being respected.

    Lemmy is certainly still having growing pains, hopefully as more people use it and more people choose to develop for it these issues will work themselves out. Until then you might be able to get around that by putting the images though some sort of editing software. Likely most image editors will be able to fix the rotation issue and write the file out with the actual arrangement of pixels necessary to avoid gravity deifying doggos.