1
1
submitted 1 year ago by delendum@lemdit.com to c/lemdit@lemdit.com

A couple of days ago a newcomer started a new community called "Controversial ideas" and began posting content.

I originally took it at face value, however it quickly became apparent that the "controversial ideas" were all just different angles of trying to normalize relationships between adults and under-age teenagers, under the guise of pseudo-intellectual debate on age of consent laws, brain development, etc.

A bit of digging made it clear that this was an individual with an agenda. He had started similar communities on several other instances using different usernames, all with the same objective and approach. His multitude of other social media accounts told a similar story and included real hot takes such as this one:

This individual has been banned and the community removed.

I don't know how much clearer I can make it that this kind of shit isn't and will never be tolerated here.

Seeing as this was the second pedophile that tried to set up shop here in the past month, I've become a bit concerned that there may be something about our previous mascot that is giving off the wrong impression. Maybe the mouse is too childish? Maybe it looks too young? I really don't know, but I've decided to change it just in case.

Our new mascot is much more aggressive, hopefully it sends the right message. I welcome your feedback on it.

2
1
submitted 1 year ago* (last edited 1 year ago) by delendum@lemdit.com to c/lemdit@lemdit.com

This post keeps track of all instances that Lemdit is no longer federated with and the reason why they were blocked.

The Lemdit ethos sets out our stance on federation, notably:

Defederating from other instances is an absolute last resort and we will only do so under the following circumstances:

  • If their content has the potential to get us into legal trouble
  • If they are acting as an attack vector towards us

10 July 2023

burggit.moe / lemmy.burger.rodeo - Defederated due to legal concerns. They host loli porn (cartoon porn depicting underage characters).


01 August 2023

lemmy.comfysnug.space - Defederated due to legal concerns. They host loli porn (cartoon porn depicting underage characters).


08 August 2023

detroitriotcity.com - Defederated due to legal concerns. I don't even know where to start with this one, they appear to host a suite of things that are illegal, among which loli porn (cartoon porn depicting underage characters).


Defederation explained

All Fediverse instances talk to each other. When you search for a community, for example, you will get results from any instance that has a community that matches your search terms.

If you subscribe to a community from another instance, then all content posted to that community will automatically be "federated" (shared) with our instance. In practical terms, this means our server downloads and stores a copy of that content so that it can display it to you and everybody else on our instance. This is the content you see when you click on "All" from the menu at the top:

To "defederate" is to ban an instance from sharing content with us. This means that when you search for content, you will not get any results from them. There is no ability to subscribe to their communities and anything they post on their instance will not be shared with our server.

I consider this to be an extreme measure, which is why we reserve it for servers that purposefully allow content that is illegal in our country of jurisdiction (New Zealand). Not doing so would put us at risk, since our server can potentially store a copy of content that is illegal.

3
1
submitted 1 year ago by delendum@lemdit.com to c/lemdit@lemdit.com

Lemmy 0.18.4 was released today and Lemdit has been updated to it.

You may have noticed a 5 minute outage earlier while this was happening.

This release is mostly a bug fix, which is welcomed news. You can find the full release notes here: https://github.com/LemmyNet/lemmy/blob/main/RELEASES.md

As always, please let me know if you encounter any weird behavior.

4
1
submitted 1 year ago by delendum@lemdit.com to c/lemdit@lemdit.com

An alternative web client for Lemmy with the UI of Xylo

The Lemdit Photon instance can be accessed at https://p.lemdit.com

You can find more info on Photon here: https://github.com/Xyphyn/photon

5
1
submitted 1 year ago by delendum@lemdit.com to c/lemdit@lemdit.com

I like keeping across what is happening with other Lemmy instances so lestat.org was born out of this curiosity.

It's similar to lemmy-status.org but with a few notable differences:

Criteria for adding instances to Lestat

I will add any instance to Lestat based on these prerequisites:

  • The instance is listed on join-lemmy.org
  • The instance doesn't host anything illegal in New Zealand

Notification service for admins

If you are an instance admin and want to get automatic e-mail notifications from Lestat when your instance goes down, message me and I will set this up for you.

I hope you find Lestat useful!

6
1
submitted 1 year ago by delendum@lemdit.com to c/lemdit@lemdit.com

It was brought to my attention that lemmy.comfysnug.space also hosts "loli porn". This content is illegal in New Zealand as well as many other countries.

Needless to say they have been defederated and all their communities purged from our server.

I'm mostly posting this in the spirit of transparency as I don't think this affects anyone here.

Please let me know if you do come across another similar instance, there are simply too many of them out there for me to check proactively.

I sincerely hope that this was the last of them, but if there are more, I also don't think it's worth me making an announcement every time we defederate one. I may instead create a generic defederation post where we keep tabs on who we defederated and why, but I welcome your feedback.

As a reminder, the Lemdit ethos sets out our stance on federation, notably:

Defederating from other instances is an absolute last resort and we will only do so under the following circumstances:

  • If their content has the potential to get us into legal trouble
  • If they are acting as an attack vector towards us
7
1
submitted 1 year ago by delendum@lemdit.com to c/lemdit@lemdit.com

Alexandrite is a beautiful desktop-first alternative web UI for Lemmy.

The Lemdit Alexandrite instance can be accessed at https://a.lemdit.com

You can find more info on Alexandrite here: https://github.com/sheodox/alexandrite

8
1
submitted 1 year ago by delendum@lemdit.com to c/lemdit@lemdit.com

You may have noticed that Lemdit was down for about 2 hours earlier (if you did notice, then I hope the status page kept you informed).

Below is a summary of what was done:

  • Host software updates (some things required a restart).
  • Host hardware upgrades - larger SSD installed and Lemdit migrated to it. This was not done out of necessity, but for future proofing.
  • VM image back-ups - this is a separate activity to the nightly DB backups
  • Lemmy upgraded to 0.18.3 - this version comes with significant DB improvements and required a DB migration.

Overall it took longer than I hoped it would, but I think it was all worthwhile.

Please let me know if you notice any weird behavior from Lemdit.

9
1
submitted 1 year ago* (last edited 1 year ago) by delendum@lemdit.com to c/lemdit@lemdit.com

We had an outage, Lemdit fell over while I was asleep so bad timing. It looks like it was down for about 4 hours.

I'll look into what caused it, I have a script that tries to automatically recover Lemdit from the usual crash, but something else happened here.

Anyway if you tried to access it and couldn't - sorry! It's back now.

Edit:

I believe this was caused by cache depleting all available RAM (impressive considering we've got 128 GB allocated). This isn't normally supposed to cause an issue as cache is meant to be cleared to make room for app usage, but in practice it can be problematic and it's likely what got everything to fall over.

I've got a cron job in place that will clear cache daily now so this won't happen again.

Here's a graph if you're curious, the outage occurred ~3:30AM, the drop you see is me restarting the VM:

10
1
submitted 1 year ago by delendum@lemdit.com to c/lemdit@lemdit.com

A familiar desktop experience for Lemmy

The Lemdit Mlmym instance can be accessed at https://old.lemdit.com

You can find more info on Mlmym here: https://github.com/rystaf/mlmym

11
1
submitted 1 year ago by delendum@lemdit.com to c/lemdit@lemdit.com

I'm curious to get your thoughts on Lemmy. What is your impression so far? Are you enjoying it? What would you like to see different?

If you're using Lemdit, then I'm really interested to get your feedback on what your experience is like. Is there anything we can improve? Any other suggestions or ideas?

12
1
submitted 1 year ago* (last edited 1 year ago) by delendum@lemdit.com to c/lemdit@lemdit.com

Security has been a hot topic for Lemmy recently and privacy is something that we all care about. Here's how we're set up to handle both.

Security

As a self-hosted Lemmy instance, we're actually in a slightly better position than many:

  • The server is not remotely accessible from outside the local network (it doesn't need to be).
  • The Lemmy admin interface is not remotely accessible from outside the local network (even if my Lemmy account ends up compromised through some exploit, the potential harm from that is greatly reduced).

We also have more generic network security measures in place:

  • The server sits behind a hardware firewall.
  • The Lemmy instance sits behind a reverse proxy.
  • Internal networks are segregated from each other.
  • IP whitelisting is used for all internal remote access.

Nothing on the Internet is unhackable and we're no exception. However, we're too small to be an attractive target and we're sufficiently hardened to avoid being a target of opportunity.

Privacy

Being self-hosted has a number of advantages here too. Lemdit does not use any 3rd party web services whatsoever:

  • No cloud hosting of any kind
  • No external e-mail service
  • No CDN
  • No DoS protection
  • No analytics
  • No ads
  • You name it, we don't have it.

Privacy is important to me personally and all the trade-offs I have made have been in favour of privacy.

Lemdit runs an unmodified version of Lemmy available from its official GitHub repository.

What Lemdit knows about you:

  • Standard NGINX access logs are kept for 2 weeks (IP address, time stamps, etc).
  • The Lemmy database contains the e-mail address that you signed up with.
  • The mail server has a record of e-mails that were sent to you by Lemdit.

This data is not available to anyone else and only legal/law enforcement action could compel us to share it.

Legal

Due to the nature of federated services, all of your engagement (your profile; posts; comments; messages; votes) on this platform should be considered public. We highly recommended that you do not share any information on Lemdit, or the Lemmy platform, that could in any way personally identify you.

Internet regulations are increasingly complex and country specific. To navigate this complexity, we rely on TermsFeed to define our Terms and Conditions, as well as our Privacy Policy. This post tries to describe some of the key points in plain English, but does not act as a substitute for these documents.

I'm not a lawyer nor do I have the time to try and prettend I'm one, so while I dislike long documents written in Legalese, that's what we have in place for now.

Version history


15 July 2023

  • Initial release

19 July 2023

  • Added Version history for transparency
13
1
submitted 1 year ago* (last edited 1 year ago) by delendum@lemdit.com to c/lemdit@lemdit.com

We now have a Status page that monitors Lemdit services, as well as a backup Discord server:

The purpose of these is to keep you informed on what is going on with Lemdit and give you a way to contact me should anything go wrong.

lemdit.com / *.lemdit.com will automatically redirect to the Status page in the following scenarios:

  • Planned outage (server maintenance, updates, etc)
  • Unplanned outage caused by software or hardware failure

lemdit.com / *.lemdit.com will be unreachable in the following scenarios:

  • Unplanned outage caused by connectivity or prolonged power failure

I get automatically notified of any outage and will keep you up to date via the Status page and/or Discord.

The Status page also sends automatic notifications to the Discord server when services go down or when they recover.

If Lemdit has gone offline and I'm nowhere to be found for a few days (think vlemmy.net), then you can assume something happened to me.

Version history


15 July 2023

  • Initial release

22 July 2023

  • Added Version history for transparency
  • Updated the status page URL
  • Added mention of automatic Discord notifications
  • Minor wording tweaks
14
1
submitted 1 year ago by delendum@lemdit.com to c/lemdit@lemdit.com

Voyager is an Apollo-like open source web client for Lemmy. It’s a mobile-first app, but works great on desktop devices, too.

The Lemdit Voyager instance can be accessed at https://m.lemdit.com

As a webapp, Voyager is easy to install on your phone through your browser controls.

You can find more info on Voyager here: https://github.com/aeharding/voyager

15
1
submitted 1 year ago* (last edited 1 year ago) by delendum@lemdit.com to c/lemdit@lemdit.com

It feels like I've been spamming these updates recently, but it has been an eventful week for Lemmy and it's worth being on the version that has the least holes in it.

Unless there is a compelling security concern or they fix the broken theme appearance, I'm going to start limiting these updates to once a week going forward.


I’m about to perform this update in the next 10 minutes, all things going well there should be no downtime/instability.

The DB is backed up, I’ll post an update here once everything’s done.

16
1
submitted 1 year ago* (last edited 1 year ago) by delendum@lemdit.com to c/lemdit@lemdit.com

I’m about to perform this update in the next 10 minutes, all things going well there should be no downtime/instability.

Also updating to the latest pict-rs v0.4.0 release.

This is an important update as it addresses the Lemmy exploit found yesterday, as well as some other bugs.

The DB is backed up, I’ll post an update here once everything’s done.

17
1
submitted 1 year ago by delendum@lemdit.com to c/lemdit@lemdit.com

As you know, the Lemdit ethos sets out our stance on federation, notably:

Defederating from other instances is an absolute last resort and we will only do so under the following circumstances:

  • If their content has the potential to get us into legal trouble
  • If they are acting as an attack vector towards us

burggit.moe is unfortunately the first instance whose content has the potential to get us into legal trouble, since they are "NSFW & Loli/Shota/Cub friendly". This type of cartoon child porn is illegal in New Zealand and many other countries.

I have become more aware of them in the wake of vlemmy.net going offline, since burggit.moe were the only instance that Vlemmy defederated before their disappearance a day later: https://lemm.ee/post/794588

To my knowledge burggit.moe is the only instance that supports this kind of content, so hopefully they will remain the exception. I hope you can understand my decision. Please let me know if you have any questions or concerns.

18
1
submitted 1 year ago by delendum@lemdit.com to c/lemdit@lemdit.com

What happened?

A Lemmy exploit has been used in the wild earlier to attack several instances, among which lemmy.world:

What we did about it:

At the time it was believed that the exploit had something to do with the sidebar, so I temporarily restricted new applications and disabled the ability for users to create their own communities:

We have meanwhile learned that this vulnerability is present on any instance that has custom emojis defined, and is exploitable everywhere Markdown is available (posts, comments, private messages, the sidebar, etc).

As of now there is no official patch for it, however a manual fix is described in this thread:

I have applied this fix to Lemdit to be safe, noting that we never had custom emojis enabled so we were never really at risk. 10 comments with the malicious code had federated to us (and were removed through my application of the fix), however you would've still been safe viewing these comments from Lemdit.

We're now back to having open registration and the ability for users to create communities without admin intervention.

What this means for you as a Lemdit member

I want to reassure you that we were not impacted by this exploit. As previously mentioned, the exploit was specifically linked to custom emojis and we never had those defined/enabled. Even though comments containing the malicious code would've federated to us, the code would not have worked here.

As a conscequence of applying the manual fix, all existing login sessions have been reset so you will have to log back into your Lemdit account.

I expect that a new Lemmy version will be released soon to properly address this vulnerability - I will be patching us to it as soon as it's available.

Let me know if you have any questions or concerns.

19
1
submitted 1 year ago* (last edited 1 year ago) by delendum@lemdit.com to c/lemdit@lemdit.com

What's going on?

lemmy.world and lemmy.blahaj.zone have been hacked and defaced today:
This may have been caused by an XSS vulnerability in the Lemmy sidebar:

If this is true, then any Lemmy instance can potentially be targetted in this way.

What are we doing about it?

As a precaution, I have temporarily switched off open registration and the ability to create new communities. This means that:

  • Any new user that wishes to join Lemdit will have to submit a registration application.
  • Existing members will not be able to create new communities themselves.

I am doing this out of an excess of caution, to reduce the risk that we are impacted by this exploit until a fix is released, or until it's confirmed to be nothing.

These are only temporary measures meant to protect us until everything gets resolved.

What this means for you as an existing Lemdit member

  • Lemdit is not currently compromised or at risk.
  • We have measures in place to reduce the chances of us being affected.
  • If you really want to create a new Lemdit community meanwhile, please send me a direct message.
  • I will keep you updated as this develops.
20
1
submitted 1 year ago by Caithe@lemdit.com to c/lemdit@lemdit.com

I’d like to do my part to keep this instance running :D

21
1
submitted 1 year ago* (last edited 1 year ago) by delendum@lemdit.com to c/lemdit@lemdit.com

I’m about to perform this update in the next 10 minutes, all things going well there should be no downtime/instability.

Also updating to the latest pict-rs v0.4.0-rc.14

The DB is backed up, I’ll post an update here once everything’s done.

22
1
submitted 1 year ago by delendum@lemdit.com to c/lemdit@lemdit.com

The latest Lemmy UI release is not without some bugs. Some of these are new, others aren't, but they're all worth being aware of as they can cause some confusion:

23
1
submitted 1 year ago* (last edited 1 year ago) by delendum@lemdit.com to c/lemdit@lemdit.com

I’m about to perform this update in the next 10 minutes, all things going well there should be no downtime/instability.

We're already on rc releases so we may as well live life on the bleeding edge for now.

The DB is backed up, I’ll post an update here once everything’s done.

24
1
submitted 1 year ago by delendum@lemdit.com to c/lemdit@lemdit.com

If you noticed a bit of instability in the past hour, it seems to have been caused by lemmy-ui misbehaving.

Restarting lemmy-ui has brought everything back to normal. I don't yet know what caused it to go wonky on us, but I'll set up a cron job to restart it hourly for the time being.

25
1
submitted 1 year ago* (last edited 1 year ago) by delendum@lemdit.com to c/lemdit@lemdit.com

Welcome!

We're a relaxed general-purpose Lemmy instance for everyone.

Lemdit is not a large instance, it doesn't even host a lot of content, but it is federated with everyone that does. The beauty of the Fediverse is that you can join the server that most resonates with you and use it to interact with everybody and everything else on the network.

To figure out if Lemdit is right for you, please read the Lemdit ethos for our rules, as well as our stance on speech, communities, federation and more.

Head over to Lemdit Official to find out everything about Lemdit and stay up to date with the latest happenings.

If you're still a bit confused by this whole thing, then be sure to check out Lemmy Help for more information on Lemmy and the Fediverse, or to ask some questions.

You are welcome to join us!

view more: next ›

Lemdit Official

0 readers
0 users here now

This place is for all things Lemdit.

founded 1 year ago
MODERATORS