• Head admin @ lemm.ee, a general-purpose Lemmy instance
  • Creator of lemmy-ui-next, an alternative Lemmy frontend
  • Lemmy contributor

ko-fi

  • 0 Posts
  • 15 Comments
Joined 1 year ago
cake
Cake day: June 9th, 2023

help-circle





  • If I have several backends that more or less depend on each other anyway (for example: Lemmy + pict-rs), then I will create separate databases for them within a single postgres - reason being, if something bad happens to the database for one of them, then it affects the other one as well anyway, so there isn’t much to gain from isolating the databases.

    Conversely, for completely unrelated services, I will always set up separate postgres instances, for full isolation.


  • That particular instance was very recently the source of a lot of CSAM and spam, so that’d be why. A lot of instances recently upped their security to combat that.

    Just to add some more context, there was an attacker recently who created accounts on several Lemmy instances and used those accounts to spread CSAM. On lemm.ee, this attacker created 4 accounts over a 24h period, but was not able to upload any CSAM to our servers due to our stricter upload rules (we require 4 week old accounts to upload any images at all), and all of the 4 accounts were removed very shortly after creation (most of them within an hour of signing up). The attacker gave up trying to use lemm.ee very quickly, and moved on to other instances.

    I just wanted to share this context to illustrate that while indeed the different measures we implement to protect the instance can have a negative impact on legitimate users, I really believe that overall, they have a net positive effect. In addition to Cloudflare DDoS protection and image upload restrictions, we also have a separate content-based alerting layer on top of Lemmy, which allows our admins to quickly notice when something suspicious is going on. As another example, this alerting has allowed us to extremely efficiently deal with a current ongoing spam attack on the Fediverse, and I bet many lemm.ee users aren’t even aware of this attack due to the quick content removal. We will continue to improve our defenses, and hopefully try to limit the impact on real users as much as possible, but some trade-offs are necessary here in order to protect the overall userbase.


  • The nice thing about Lemmy is that you can always host your own instance, even if it’s only for your own individual use. You can basically use your own instance as a proxy - other instances will not see how or from where you are connecting to your instance.

    Large instances are being attacked almost constantly at this point in smaller and bigger ways. Almost all measures we implement to combat these attacks come with some trade-offs for the rest of the userbase.


  • I am not really interested in discussing this with you, as you already have an opinion about lemm.ee and seem intent on spreading false rumors about us. I’ve learned several months ago that no matter how much you give to people for free, there will always be users demanding more, so I don’t think there is any chance of you being interested in what I have to say. I am just responding here, so other users who may end up reading this thread don’t come away with the impression that what you are saying is true.

    First of all, no user has ever been banned from lemm.ee for criticizing the admin team. Our admins have banned nearly a thousand users in the past ~7 months (just think about that for a second - that is a massive amount of bullshit our volunteer admins have had to wade through in the span of less than a year), and indeed the mod log is public, so you can easily check the ban reasons, which are consistently related to violations of our basic instance rules.

    If any moderation team on any of our communities does not follow our instance rules, then such communities are closed. We have in fact had to do this several times before with some conservative-type communities, mainly because they wanted to push the ideas that some people, based on their identities, are less valuable as humans that others. The current conservative community on the other hand is consistently moderating based on our instance rules, and they have incorporated the no bigotry rule into their community rules as well. If this ever changes, then we will take action, just as we have done previously.

    Regarding the allegations against one of the mods, I’m not sure if you’ve seen the event they were referencing, but I think it’s safe to say that this event was extremely misrepresented by the accuser. In any real cases of CSAM, lemm.ee has taken drastic actions. We have purged, banned, defederated, reported to authorities, we have implemented some technical safeguards, and we will continue to take action like this in the future as well.

    Let me just finish off by saying that we are a volunteer team giving up our time for free. I realize that users want admins to be perfect and moderate exactly in line with their preferences, but we are humans, we miss things, we make mistakes, and we can not possibly be available 24/7 or read every single piece of content posted by other lemm.ee users.


  • lemm ee: The owners don’t really moderate and its users reflect this fact. Universally unpleasant userbase.

    This is categorically untrue. You can find our administration policy here, and we frequently ban users for breaking our instance rules. At most you could make the claim that we are lenient when it comes to things like heated arguments, as we often give warnings or temporary bans to users in such cases, but on the other hand, our “no bigotry” rule is very strict, and violations have consistently resulted in permanent bans.

    We of course don’t screen all posts and comments which our users write, so we can only respond to reports, but I assure you that our admin team is constantly going over and responding to the report queue (which is a big effort, and clearly a thankless job).

    By the way, I just want to point out that we have ~3000 active monthly users on lemm.ee, I find it very unlikely that you can make an accurate universal judgement about such a huge group of people.




  • That user has actually not been in contact with any of our admins, I’m not sure why they are claiming otherwise.

    In any case, I shared my position on piracy on lemm.ee a few months ago, and it has not changed. TL;DR discussions about piracy are fine, but explicitly facilitating piracy on lemm.ee is not allowed, and if any such content is reported on lemm.ee then I will most likely err on the side of removing it. Having said that, I am not planning to defederate lemmy.dbzer0.com at this point, as they have not been causing any issues for lemm.ee (but, of course, I do reserve the right to re-evaluate federation with any instance if at any point they start causing problems for lemm.ee).

    Quoting my original comment about piracy on lemm.ee, just for full context:

    There’s nothing inherently illegal about VPNs, P2P, seedboxes, torrents, software for torrents, etc - as a software engineer, I have no trouble understanding that these things all have legal purposes. There can be no realistic case made against someone just because they use (or discuss the use of) any of these things. You can post and comment about stuff like this all day long.

    Also: discussing piracy topics in general (like commenting on the legality of it, just saying you do it, whatever) without actually using lemm.ee servers to host anything sketchy is fine as well.

    On the other hand, telling people “go to coolpiracywebsite.com to download the latest avengers movie” is very sketchy - you’re not directly distributing anything, but I think a case can be made that this comment is directly facilitating piracy, and if someone sends me a legal letter to remove such a comment, then TBH I will most likely just comply rather than deal with the hassle of trying to figure out how legal it is. Just being frank here - I don’t want to create false expectations of lemm.ee servers being a safe haven for content with sketchy legal status.



  • I really like the overall concept of Lemmy, so I decided to set up lemm.ee to support the Lemmy network with my skillset. I have previously had the privilege of being responsible for running large platforms online (end-to-end, everything from operations to software engineering), and so far, this experience seems to be extremely relevant for running Lemmy in its current state.

    As for paying for hosting, my initial plan was to to just pay for everything myself as kind of a hobby, but the userbase at lemm.ee has been very gracious in first asking me several times to share costs, and then actually sending money once I set up donations. I’m not sure yet if this donations-based funding will be sustainable, or if it will fall off after the initial hype dies, but for now it’s really awesome to see that there are several other people who believe in lemm.ee and want to share financial responsibility for it.