Check the updated OP. We can definitely use more donations; at the moment we are getting around 4000 Euros per month, which is not much for two full-time devs. And code contributions are also helpful, there is an almost endless amount of open issues.
They stay in the bunker except for emergencies like Facebook's threats.net. You get to drive one when you can recite the first section of the communist manifesto from memory.
One that I can think of rn is @CannotSleep420's lemmy-bot, as well as ridoukousage’s TLDR bot.
With the web being so ad-infested and completely owned by google, people have noted how the TLDR bot means they often don’t have to leave their lemmy app at all, and can stay behind its privacy shield.
While of course I do think we can code a lot of functionality directly in to lemmy in a way that we couldn’t with reddit, there’s undeniably a lot of potential with bots that can do different things for us.
Those didn’t completely break federation, they just had some issues with a few services besides lemmy. They’re addressed now, but federation compatibility will always be an ongoing task as new services get added and existing ones change their activitypub responses.
As far as I’m aware the most widely-accepted standard for responsible disclosure is 90 days. This is a little different, since that’s normally between businesses and includes the time needed to develop a solution; it’s not typically aimed at federated or self-hosted applications rolling out an already-created patch. On the one hand, granting them that extra time to upgrade seems reasonable. On the other, wouldn’t anyone wanting to exploit a vulnerability be able to reverse-engineer it pretty easily by reading the git history?
The 90 days disclosure you’re referencing, which I believe is primarily popularized by Google’s Project Zero process, is the time from when someone discovers and reports a vulnerability to the time it will be published by the reporter if there is no disclosure by the vendor by then.
The disclosure by the vendor to their users (people running Lemmy instances in this case) is a completely separate topic, and, depending on the context, tends to happen quite differently from vendor to vendor.
As an example, GitLab publishes security advisories the day the fixed version is released, e.g. …gitlab.com/…/critical-security-release-gitlab-16….
Some vendors will choose to release a new version, wait a few weeks or so, then publish a security advisory about issues addressed in the previous release. One company I’ve frequently seen this with is Atlassian. This is also what happened with Lemmy in this case.
As Lemmy is an open source project, anyone could go and review all commits for potential security impact and to determine whether something may be exploitable. This would similarly apply to any other open source project, regardless of whether the commit is pushed some time between releases or just before a release. If someone is determined enough and spends time on this they’ll be able to find vulnerabilities in various projects before an advisory is published.
The “responsible” alternative for this would have been to publish an advisory at the time it was previously privately disclosed to admins of larger instances, which was right around the Christmas holidays, when many people would already be preoccupied with other things in their life.
I linked a timezone convert link (before I updated the post), which I think I’d have to do even if we used the UTC offset format. I must be just far away enough from UTC to not know what my offset is at any given time.
Time math gets a bit difficult far enough from UTC. Where I live virtually any event in Europe or Asia will be happening on a different day there than here, so it’s not fun to try and figure in one’s head.
The only universal solution is to link to a converter site.
Personally I wish everything supported the automatically-converting timestamps I’ve seen in Discord which just show up in local time or as a countdown.
There was a big time gap between 0.18.5 and 0.19. Have you considered adopting a release train model, similar to what Rust does? The Bevy game engine has also adopted the idea.
More frequent but smaller releases would probably cause less friction and make upgrading less of a “big thing” and “big things” are always where things go wrong.
They normally do have smaller releases (18.1, 18.2, 18.3, 18.4, 18.5) but going from 18 to 19 was a big update that also required a database upgrade. Rust releases don’t have database upgrades or anything that is not backwards compatible, so it’s not really comparable.
0.19 was a bit of a special case because there was a set of breaking updates that had to be done at some point, and trickle releasing breaking changes isn’t really great either. Usually hopefully the breaking changes are rare, so releases can be more frequent.
I totally respect this being potentially a big ask, but does anyone have a TL;DR of what caused or was the fix for the federation issue(s)? I don’t have capacity at this moment to look through GitHub Issues and PRs, but I’m curious.
From the little I saw (and zero Rust, or Tokio (I think they use that) knowledge) … federation workers weren’t persisting correctly whenever it would hit certain errors or problems.
I think they would, it would be super cool to do art competitions and have the community pick the designs, could do it once a quarter to help boost funding.
I’d be down for an enamel pin. I’m sure you guys are familiar with the Apollo app (RIP), but in his merch store he had enamel pins made in the style of some of his app icons.
To add, recurring donations, no matter how small, help us plan for the future, as we can then reliably estimate how many developers we can support off them. One-off donations and merch sales wouldn’t help us out in that regard.
I don’t think it’s that large. Text is very small and compressible compared to images. Well it depends on if you mean the actual database storage (uncompressed, with indexes) or a compressed copy of all the posts. You can see the post number in the URL, which on lemmy.world for this post is 11169622. That means there’s around 11 million posts total in lemmy.world’s database. If you assume each of them takes 0.5kB of storage that would be only ~ 5 GB of posts.
It adds another view to Registration Applications to show only denied applications, helpful for identifying spam applications and rule circumventers. I know a few people have been asking for something similar to this.
Excited, but also extremely stressed out and exhausted. For about 2 months I was getting an average of 4 hours of consistent sleep a night after that happened. We were very happy when things calmed down.