Nutomic @ nutomic @lemmy.ml

Lemmy Lead Developer and father of two children.

---

Read more

Posts

111

Comments

903

Joined

6 yr. ago

Moderating

---

Im a former contributor to F-Droid with various merged pull requests. Looking at the indicated pull request I really doubt that it was an intentional attack. First of all its easy to forget for a new developer to escape SQL parameters, and the docs dont even mention a risk of SQL injection attacks. And of the users pushing for the PR to be merged, one is a long-time F-Droid contributor, and the other also looks like a real human with many contributions in other repos, so no sockpuppets in sight.

It simply looks like standard open source behaviour, for better or for worse. A new user makes a contribution for a highly demanded feature, and users want it to get merged as soon as possible. Maintainers are discussing the big picture of the change and want to avoid breaking changes, without getting into code review yet. The new contributor seems unwilling to make any design changes to his PR, and gets frustrated that it doesnt get merged as is. The potential vulnerability is only noticed half a year after the PR was opened, at which point it was already de facto abandoned. So not an attack, but simply a developer who is new to open source and doesnt understand how the process works.

We applied for funding last August, but unfortunately we are still waiting for it to be finalized. Seems like NLnet is quite overloaded these days.

The Activitypub protocol is fine. It could use some minor improvements but there's definitely no reason for an entirely new protocol.

I still remember your name from the early days, it's great that you stuck around! How much Lemmy changed in these few years...

We only do major versions around once a year so those could still be named, while using numbers for minor versions. Lemmy is more user-facing than react, so it would make sense to have a more user-friendly versioning.

We didnt make any changes to the Lemmy version running on this instance during the past week. So it must be something else...

The problem is that a server could very easily lie and claim to have captchas when it really doesnt.

I see now, if an instance has any site languages configured those will be applied for new users. You can see it in /api/v3/site field discussion_languages. However both lemmy.world and lemm.ee return all languages there.

Edit: Im removing this as part of the PR to set new user languages from accept-language header, it doesnt make sense anymore with that.

Yes contributions to improve this interface would definitely be welcome.

Right my_user.discussion_languages is the correct one. And it being empty means that all languages are enabled (to avoid storing lots of unnecessary db rows). Im testing with a new account on ds9.lemmy.ml and can see posts marked as English without any problems.

I cant really how such a problem could happen and only affect those specific instances. Can you check through the api which languages are enabled on a new account? The info is under /api/v3/site in the field discussion_languages, it should contain numbers from 0-183 which are all the language ids.

I confirmed this just now, when registering a new account all discussion languages are enabled. However this isnt properly indicated in the lemmy-ui user settings.

When you signup, all languages are enabled by default. I believe it was like this since the feature was first implemented. I recently made a pull request so that languages are automatically configured from accept-language header.

The automatic language tag should only depend on the community language settings and user language settings. Specifically it will build the intersection of both, and if the result only contains one item (excluding "undetermined"), that is used as the post language. The instance doesnt matter at all. And there havent been any changes in this area in a while, so there should be no difference between 0.19.x versions.

I thought maybe the community language isnt federated properly but its identical on all mentioned instances. Also @Camus@sh.itjust.works mentioned that French is enabled in user settings. There is clearly a bug but I cant think what else might be causing it.

Anyway please report such bugs directly on the issue tracker, otherwise I might not find out about it at all.

This is strange because neither of the communities you mentioned has any language restrictions. Can you say what error is being returned exactly? You might have to use browser dev tools to see the details.

Yet it's still noticeable that people from the US are way overrepresented compared to all other countries.

Thanks for the support. I think the era of single, centralized sources of information will soon be in the past.

1. This would be a project on its own, with writing import scripts, hosting an instance etc. Certainly not something I have time for, just like I'm not running a Reddit mirror for Lemmy. If you or someone else wants to set it up, go ahead!
2. How would you detect that it's the same article, only from having the identical title? That could fail in lots of ways.
3. I agree about this.

I answered a similar question here: https://lemmy.ml/comment/9329423

Available Soon.

Dansup is well known for making grand announcements and delivering on them very late or never. I think it was more than two years ago that he announced federated groups for Pixelfed and still nothing. So I wouldn't get my hopes up yet.

500 Mb symmetrical. It's more than enough even while running a home server.