shitjustdontwork. Three days have elapsed without updates to or from our community.
TheDude @ TheDude @sh.itjust.works Posts 23Comments 60Joined 2 yr. ago
TheDude @ TheDude @sh.itjust.works
Posts
23
Comments
60
Joined
2 yr. ago
Hey all,
As others mentioned we did not have custom emojis so we were not affected by this particular attack. I have since upgraded our UI to 0.18.2-rc.1 which mitigates this XSS vulnerability.
The vulnerability appeared to be from a custom emoji that they were running. SJW does not use any custom emoji so we should not be affected. In either case lemmy.world has now been restored and is back online. I’ll keep an extra eye on this instance until the patch gets released shortly.
Deleted
Permanently Deleted
Jump
This is a topic that i’ve been meaning to start a discussion about but haven’t had a chance due to the level of detail i’d like to provide.
I will also be posting the current logic of how vote counts are counted and also publish the code that i use for the counting.
Without going too much into detail today when votes are counted theres a few things that the logic accounts for.
- It only counts votes at the first level (meaning anyone that replies to a vote with their vote gets their vote discarded)
- In the event someone tries voting more than once, only the first vote gets counted, the others get discarded.
- Users who join after the voting post is made do not get their votes counted. You must have had your account active prior to the vote post
- External and local users get separated and counted separately.
In the future, and this is the part i’d like to discuss more in detail on another thread, is whether we factor in someone’s reputation. Lemmy currently collects a post and comment score for every user. This score is essentially = to how many upvotes your post or comments have gotten. Additionally the number of post and comments also get tracked. I’d like to see if there would be a method to use this data in order to determine if an account should have the ability to vote. This does alienate the lurkers but they don’t typically vote anyway unless its something that could affect them.
When I have some extra time i’ll post a detailed post on this so that those of you who have an overachiever mindset can provide your 2 cents.
Something with Dual CPUs, at least 128GB ram, dual 750W PSUs, hardware raid (12Gbps) and 8 x 2.5" SAS/SATA slots for SSD Drives on a raid 10
If I were to do some rough math I'd say it would cost about $300/CAD per month.
My goal is once we are approved to start accepting donations that I can purchase dedicated hardware for this instance. I'd get a used server at about $2300 which would be sufficient a good amount of extra users and through it into its own dedicated shared colo at about $100/month. Factor in about $300-400 a year for drive replacements and we are left with $2300 / 12 month= 191.66 + 100/month for the shared 1u colo + a budget of $400 for drive failures throughout the year $33/month. 191.66 + 100 + 33 = $324.66/month for the first year dropping to about $133 per month after the first 12 months. It's worth noting that this method would give us double the amount of resources and quite a bit of extra storage.
Ideally we don't keep this instance on a single server forever and start to think about spreading it over multiple hosts at or after around 100K users (or less if the number of active users is high).
If someone wanted to host an instance they would not need to allocate as much resources as I have to this instance and depending on how active the instance gets could run off something a lot less powerful.
I very much appreciate you guys keeping pushing me on this. There is more involved than I had originally anticipated in being able to accept donations. We are currently waiting for a fiscal host on opencollective.org to approve our application which was submitted in June. Once it's been approved this instance will be accepting donations!
Hi Nahvi.
Thanks for posting this well put together post. I can tell that you put some time and thought into this and I want you to know that I recognize that.
Regarding your concern, this is a topic that has been brought up numerous times over the past month. I've since moved towards being more community driven, letting users discuss and debate on topics that are important to them. These discussion move forward towards a vote over a 7 day period. This process will change over time as we come across flaws and look for ways solve them together.
One more thing I want to make clear regarding your tl;dr question Will I be blocking other instances for personal reasons? Short answer is no, I believe the community should determine what should or should not be blocked.
That being said I want to make myself clear that there are limitations, I will continue to defederate instances that openly promote or spreads hate speech, terrorism, CP, loli, trolling and instances that become bot instances. These shouldn't be things that need to be justified, I think they fall under the "be a good human" category.
I hope this clarifies your concerns and you continue to make sh.itjust.works your home.
Reading through the replies and I have to say ya'll don't take prisoners here. sheesh.
Anyway, I went through went through the community in question and reviewed not only the posts in the community and the comments made by the mods of the community and they weren't aligned with the kind of negativity I want to see on the instance. I have since purged the community and the mods.
Hey all,
This community is being reviewed and will likely be a discussion point to in our Agora community where we discuss about issues like this as a community.
Post that are breaking rules will be removed. If its a regular occurrence so will the TheDonald community. Please continue reporting inappropriate posts and its difficult to maintain visibility on everything that is going on at all times.
Thank you for bringing this to my attention.
Looks like this decision is decided already but I figured I'd put in my input. Given this instance has an open registration policy, nothing is stopping someone from another instance to create an alternative just for voting on this instance. This individual might align and contribute positively to the fediverse and have really great ideas and contributions to discussions here. However because they use their alt account here on sh.itjust.works only for voting, their vote might get dismissed due to poor account reputation (another issue that I believe was already brought up in another post). The fediverse is meant to be a decentralized community and by forcing people to need to join this community to vote promotes centralization which I believe is the opposite of what the fediverse is trying to accomplish. I guess for now I'll hold off on casting my vote until the community determines what criteria should be considered when counting a vote.
Hey everyone, woke up this morning with this news. This news really comes at a surprise as I have not seen or heard of any trolling coming from members of this community. I also have not been approached by their admins to see how we could collaborate. In either case, I'll be attempting to reach out to their admins and discuss a path forward together.
I'll post an update with the details in the coming days.
So this has been fixed. itjust.works should redirect properly to sh.itjust.works now
I am no lawyer, however I do not see a problem with subscribing to NSFW communities outside of this instance. I'd go as far as saying that should you want to contribute to these external communities you can do so as long as you are not using the built in image hosting service to store your content. There are external platforms such as redgifs that could be used to store this content as long as it fit within their TOS.
I plan on making a post sharing some considerations people should take before registering to an instance. In it I’ll definitely bring this subject up.
Hey icy,
The decision to block the Lemmygrad instance was less a question of censorship, and more an issue of personal conviction. As a volunteer dedicating my personal resources and time to facilitating a space for users to create, discover, and discuss - not just on this instance, but across the Fediverse - I admit that this choice was made alone, selfishly, without the consent or thoroughly considering the collective opinion of the community. With the above said, sh.itjust.works has had the lemmygrad instance blocked from its first day.
I'd like to also point out that the lemmygrad instance has far more blocked instances than what is currently blocked here. Maybe you can create a post on that instance to see what that's all about and report back?
I love this!
Any government or governing body should be open to criticism. They are suppose to be working for the people they serve. How is anyone going to know better if no one tells them what they are doing wrong? @wriggly3171@sh.itjust.works you have my support
Not sure yet but I'm certain we'll find out next week
Hey everyone,
A few days ago when we were under bot attack I rolled out a script to help me mitigate the attack. This script essentially calculated that rate at which certain IPs were posting and added them to a block list. Some of the IPs from other instances such as lemmy.ml were falsely added to this block list. I've since gone through all of the IPs and removed the ones that shouldn't have been there.
Please let me know if anyone is still having issues and I'll do my best to review your particular case in a timely manner.