𝙣𝙪𝙠𝙚

ok NCD, which one of you did this?

In my honest and probably very controversial opinion, Lemmy is not more private than say using Reddit.

Not an expert, but I am a self hoster.

Not everything is but yes, some things can be seen. Your saved posts are only visible to your local instance admins not every admin. Your subscriptions are visible to your local admin as well the admin of the community can see you are subscribed. Your DMs are visible to your local admins as well as the recipient’s admins. Your votes and comments will be visible to all federated admins. If you report a post, that report is visible to your local admins, the community’s mods and admins, and the reported person’s instance admins.

Just hit Ctrl+Z to Undo

Say no more, I’m sold

deleted by creator

Lemmy.ml will likely never defederate from lemmygrad, as the owners themselves are tankies. If you want to distance yourself, I suggest moving instances.

There’s an account migration tool someone made that could make this easier for you https://github.com/CMahaff/lasim

I had an idea about this today but I don’t know enough about Lemmy to confirm it. Thought I’d run it by you just in case.

Could you create a post and lock it normally, then directly edit the postgres row to unlock the post? I’m wondering if this would federate the lock but not federate your unlock causing all outside users to see a lock and all internal users see an unlocked post.

Possible edge case: users who subscribe to the community after the unlock will receive the initial data dump of posts and this will include the post in its current unlocked state.

However, this would be an easy way to block the majority commenting on a post while maintaining a seemless experience for your internal users.

Wouldn’t it make a difference in cases where the nameserver and host are not the same entity?

Lemmy.world is NOT defederated from lemmy.ml. the above user is completely wrong.

This is easily verifiable by going to https://lemmy.world/instances and scroll to the bottom to see which ones are blocked

I love how you spent more time defending your wrongness than correcting the mistake. Like is it that hard to hit the edit button

Great work!

This got me thinking, does Lemmy clear orphan pictrs files? Say a user uploads an image but never submits the comment/post? That file is still on your pictrs and publicly linkable. And what if the post or comment is removed by moderator or deleted by the author? Is Lemmy cleaning these up?

If the intention is to have an internal, instance-only post, I believe such a thing could be enforced with an automoderator bot. I had a lot of success throwing the Lemmy API into an AI and generating my own moderator bot from that. Could work for you.

Fair point, I agree there should be such a check. It seems for now that the only ones affected were people who tried to intentionally mess with it. It will be a hard goal to reach completely because what’s ok and healthy for some could also be a deathly allergic reaction for others. There’s always going to have to be some personal accountability for the person preparing a meal to understand what they’re making is safe.

That’s a bit dramatic of a take. The AI makes recipe suggestions based on ingredients the user inputs. These users inputted things like bleach and glue, and other non-food items, to intentionally generate non-food recipes.

I wonder if they’ll renew the twitter.com domain name

If your origin servers IP is never revealed then all traffic goes through cloudflare regardless. Firewall restricting the IPs is just good practice since cloudflare is the only IP that is supposed to talk to that server anyway, but it’s not a requirement.

I can see some overhead if you’re maintaining a large blacklist, but I don’t see it happening with a small whitelist and default inbound DROP

They mean after adding a ddos mitigation like cloudflare, you should rotate the origin server IP so the origin server’s IP is no longer publicly known and thus not directly reachable by ddos attackers. The only way to now interact with the application is though Cloudflare’s network. You should only have to do this once as long as the origin IP doesn’t publicly leak.

Another step would be to add firewall rules to only allow inbound traffic from cloudflare IPs: https://www.cloudflare.com/ips/

You can change what instance you use to one that defederates with the places you don’t want to participate with. Also, some apps allow you to hide specific instances through a UI option.