Shaping the Future of Vaporents: Domain Name Feedback Survey - Ends 7/21/23 - 1PM EST

A couple folks have seen this prior to the physical migration of the servers over to a local colocation data center with Cera.net. However, we only had ~20-30 subscribers at that point and received 8 responses (1-2 of them were me testing). Now we've got a couple more folks follwing the community from other servers, and the link here has been put back up on Reddit; so I've re-opened the survey for it's "actual" 7 day run.

Note: ChatGPT did the most of the typing after I dictated some goals to it with the phone app speech-to-text. If it sounds like a robot, it half-is and I didn't take much time to soften the text while building the survey logic.

We invite you to participate in this important survey to help shape the future of the Vaporents community. Your feedback is crucial as we build another platform away from Reddit to establish a new home that better serves our needs. By providing your input, you will have a direct impact on decisions regarding the domain name for the new platform. We value your opinion and appreciate your time in providing your feedback.

Dear /r/Vaporents Community,

We are reaching out to you, the 220,000+ subscribers of the Vaporents subreddit, to gather your valuable feedback regarding an important decision for our community. As you know, we are considering transitioning away from Reddit to establish a new home that provides us with a fresh identity and various advantages. One of the primary reasons behind this transition is to create a legal buffer that ensures our community can operate freely. By changing our domain name and platform, we can separate ourselves from any potential legal concerns associated with Reddit, granting us greater autonomy and peace of mind. Furthermore, the move to a new platform will allow us to create a community completely separate from Reddit, enabling our makers, vendors, and users to post links, share pictures, and freely discuss products without constraints in a closed environment. This freedom from censorship will ensure our community can thrive and openly engage in discussions without worrying about their links being removed or their voices being silenced. Moreover, the over-censorship of product links and discussions on Reddit has significantly impacted the visibility and reach of merchants, retailers, and makers within our community impacting their own site traffic and ability to continue operating in this space. By transitioning to a new and open platform, we can reduce these limitations, allowing merchants to regain their footprint and visibility within Google search results. This change is vital in supporting our community's merchants and ensuring a vibrant marketplace for everyone. Additionally, transitioning away from Reddit will help us direct and prevent any additional traffic or ad revenue from flowing to the Reddit platform. This ensures that our community's activities and interactions are no longer contributing to their revenue streams. It is of utmost importance that we continue to openly discuss these products, where to purchase them, raise potential health conserns, and share our experiences without restrictions. By doing so, we can feed this information into search results, enabling individuals new to this space or seeking alternatives to combustion to find the information they need to make informed choices. Your feedback in this survey will play a crucial role in shaping the future of our community. We appreciate your participation and value your insights as we embark on this exciting transition to a new platform.

Thank you for being a part of Vaporents, and we look forward to hearing your thoughts!

Shaping the Future of Vaporents: Domain Name Feedback Survey - Ends 7/21/23 - 1PM EST

Sincerely,

@ProfessionalHandJob@lemmy.beyondcombustion.net

cross-posted from: https://lemmy.nz/post/379273

AccidentalRenaissance has no active moderators due to Reddit's unprecedented API changes, and has thus been privated to prevent vandalism.

Resignation letters:

Openminded_Skeptic - https://imgur.com/a/WwzQcac

VoltasPistol - https://imgur.com/a/lnHSM4n

We welcome you to join us in our new homes:

https://kbin.social/m/AccidentalRenaissance

https://lemmy.blahaj.zone/c/accidentalrenaissance

Thank you for all your support!

Original post from r/ModCoord

The one I found wasn't in stock and was canceled. Probably from them being so discounted lol. But, it sounds like the inventory finally ran out at S&B and whatever's left is all that's going to be in the retail channel.

Anyone got a lead on one? 🙃

If you were a fan of the DC plug over the USB C that's sad news.

Yeah, lemme get that self-hosted threads spyware plz. would love to toss one up here once I setup Mastodon.

gotta love being able to post links and know they won't be taken down.

This drill battery enail thing from CH looked too weird to not have, so I ordered one when they were recently posted and thought it would be cool to use while traveling, camping, or after biking to a park/whatever.

Now I have to figure out what to put on the coil.... I have a B1, B2, and I think a B-zero around here somewhere..... so any other suggestions on a durable option as a portable ball vape head?

I could take apart something I have, but that's no fun. :-)

cross-posted from: https://lemmy.federate.cc/post/4824

Just thought I'd share this since it's working for me at my home instance of federate.cc, even though it's not documented in the Lemmy hosting guide.

The image server used by Lemmy, pict-rs, recently added support for object storage like Amazon S3, instead of serving images directly off the disk. This is potentially interesting to you because object storage is orders of magnitude cheaper than disk storage with a VM.

By way of example, I'm hosting my setup on Vultr, but this applies to say Digital Ocean or AWS as well. Going from a 50GB to a 100GB VM instance on Vultr will take you from $12 to $24/month. Up to 180GB, $48/month. Of course these include CPU and RAM step-ups too, but I'm focusing only on disk space for now.

Vultr's object storage by comparison is $5/month for 1TB of storage and includes a separate 1TB of bandwidth that doesn't count against your main VM, plus this content is served off of Vultr's CDN instead of your instance, meaning even less CPU load for you.

This is pretty easy to do. What we'll be doing is diverging slightly from the official Lemmy ansible setup to add some different environment variables to pict-rs.

After step 5, before running the ansible playbook, we're going to modify the ansible template slightly:

cd templates/

cp docker-compose.yml docker-compose.yml.original

Now we're going to edit the docker-compose.yml with your favourite text editor, personally I like micro but vim, emacs, nano or whatever will do..

favourite-editor docker-compose.yml

Down around line 67 begins the section for pictrs, you'll notice under the environment section there are a bunch of things that the Lemmy guys predefined. We're going to add some here to take advantage of the new support for object storage in pict-rs 0.4+:

At the bottom of the environment section we'll add these new vars:

  - PICTRS__STORE__TYPE=object_storage
  - PICTRS__STORE__ENDPOINT=Your Object Store Endpoint
  - PICTRS__STORE__BUCKET_NAME=Your Bucket Name
  - PICTRS__STORE__REGION=Your Bucket Region
  - PICTRS__STORE__USE_PATH_STYLE=false
  - PICTRS__STORE__ACCESS_KEY=Your Access Key
  - PICTRS__STORE__SECRET_KEY=Your Secret Key

So your whole pictrs section looks something like this: https://pastebin.com/X1dP1jew

The actual bucket name, region, access key and secret key will come from your provider. If you're using Vultr like me then they are under the details after you've created your object store, under Overview -> S3 Credentials. On Vultr your endpoint will be something like sjc1.vultrobjects.com, and your region is the domain prefix, so in this case sjc1.

Now you can install as usual. If you have an existing instance already deployed, there is an additional migration command you have to run to move your on-disk images into the object storage.

You're now good to go and things should pretty much behave like before, except pict-rs will be saving images to your designated cloud/object store, and when serving images it will instead redirect clients to pull directly from the object store, saving you a lot of storage, cpu use and bandwidth, and therefore money.

Hope this helps someone, I am not an expert in either Lemmy administration nor Linux sysadmin stuff, but I can say I've done this on my own instance at federate.cc and so far I can't see any ill effects.

Happy Lemmy-ing!

cross-posted from: https://lemmy.world/post/1299831

Hi all,

If you're just now signing in for the first time in 12+ hours, you may just now be finding out that Lemmy World and other instances where hijacked. The hijackers had the full abilities of hijacked user, mod, and admin accounts. At this time, I am only aware of instance defacing and URL redirections to have been done by the hijackers.

If you were not forced to sign back in this morning, contact your instance admin to verify mitigations were completed on your instance.

How?

This occurred due to an XSS attack in the recently added custom emojis. Instance admins should follow the issue tracker on the LemmyNet GitHub, as well as the Matrix Chat. Post-Incident Activity is still on-going.

Currently, it is likely that just your session cookie was stolen, with instance admins being targeted specifically by checking for navAdmin, an HTML element only instance admins had. I do not believe this to affect users across instances, but I have yet to confirm this.

What happens next?

As I am not the developers or affected instance admins, I cannot make any guarantees. However, here is what you'll likely see:

1. Post Incident investigation continues. This will include inspecting code, posts, websites, and more used by the hijackers. An official incident writeup may occur. You should expect the following from that report:

• Exactly what happened, when.
• The incident response that occurred from instance admins
• Information that might have helped resolve the issue sooner
• Any issues that prevented successful resolution
• What should have been done differently by admins
• What should be improved by developers
• What can be used to identify the next attack
• What tools are needed to identify that information

2. A CVE is created. This is an official alert of the issue, and notifies security experts (and enthusiasts), even those not using lemmy, about the issue.

3. A code security audit is done. This will likely just be casual reviews by technical lemmy users. However, I will be reaching out to the Mozilla Foundation and Cure53 as they recently did an audit of Mastodon. If there is interest in an external audit of lemmy and the costs are affordable, I'll look into crowdfunding this cost.

cross-posted from: https://lemmy.beyondcombustion.net/post/45630

Last night we moved the last of our stuff out of the basement....

We're hosted in a colo data center now!

Also updated to v0.18.2-rc1 to address the issues with cross site scripting that impacted lemmy.world and others last night.

Lemmit bot is off, not planning on turning that back on at this time.

Next on list:

• Finishing up some SSO/authentication that'll make giving admin access to different server services, apps, whatever possible in a manageable way.
• Complete paperwork/financial/tax/blahblahblah stuff

Last night we moved the last of our stuff out of the basement....

We're hosted in a colo data center now!

Also updated to v0.18.2-rc1 to address the issues with cross site scripting that impacted lemmy.world and others last night.

Lemmit bot is off, not planning on turning that back on at this time.

Next on list:

• Finishing up some SSO/authentication that'll make giving admin access to different server services, apps, whatever possible in a manageable way.
• Complete paperwork/financial/tax/blahblahblah stuff

cross-posted from: https://lemmy.world/post/1060913

cross-posted from: https://lemmy.world/post/1032247

Finally tried the official Reddit app. It's as bad as they say.