Found it! The screenshot comes from the guy himself: https://twitter.com/fiatjaf/status/1576643430306164736

What makes that screenshot of an e-mail credible? Is there some other more reliable piece of evidence?

At this point it might actually be worth adding it to my CV 😂

• You can change the theme in your profile

• You can customize the CSS using an extension like Stylus to create your own theme

• You can access an instance through a custom UI, like mlmym: https://github.com/rystaf/mlmym

Woah. That is a lot sooner than I had anticipated.

Where are you at? What is your problem specifically?

Yeah, I still see the line now. I am not sure if this was a one-off, maybe the edit occurred when I rebooted the instance for a moment and the edit fell through the cracks… Or there might be an actual issue federating edits.

I think you left this line behind by accident:

l = Lemmy(INSTANCE_URL)

Sure! The comments that are posted from within your instance are labeled with “local = true”, even if they are posted to other instances. So the query below will dump all of the database entries for comments in your instance into a file. Assuming that you have a docker install.

docker exec LEMMY_POSTGRES_CONTAINER_NAME psql -U POSTGRES_USER -c "select * from comment where local=true order by comment.published desc;" > all_comments.txt

This will print to a file the comment table including all of the comments posted from within your instance, starting with the newest post. It is possible to combine other queries (such as associating the creator ID with the username), and then parse the output to produce a more informative and easy-to read output. But what I have shown might be enough for you. I may be able to help you if you need a more specific query.

1. Not super easily. It can be done by querying the postgresql dabase, but there is no built-in method to do it using the browser interface at the moment. When anyone from any instance does report them, you will see the report.

2. Someone please correct me if I am wrong. But, as far as I am aware, if you purge a user from your instance, that action is federated to every other instance - so if you respond quickly to these reports, other instance’s admins will not need to deal with them themselves. It is only when you perform an action on a user from a different instance that the action is only local.

The spikes disappeared after I increased the RAM from 2 GB to 3 GB, and they have not re-appeared over the past few hours.

It appears like some some process was hitting the 2GB RAM limit - even though under normal use only about 800GB of RAM are allocated. At first I thought that the high amount of read IOPS might be due to the swap memory kicking into action, but the server has no allocated swap.

The postgresql container appears to fail when all of the RAM is used up, and it may be that the high CPU usage is somehow related to repopulating the dabase as it is restarted… But I would think that if this were the case I would see similar spikes whenever I reboot - and I don’t.

Conclusion: I am not sure why this happens.

But if anyone else notices these spikes it may be a RAM issue. Try increasing the RAM and see if they go away.

You can create a one-person instance and hold your identity there.

If you what you want is for every server to hold your identity, you have to trust all servers. I think that an evil admin would be able to impersonate any user from any instance if that were the case. How do you delete your account? Can an any admin delete your account everywhere? Which one is the real “you”?

Thank you! I will look into cloudfare, what people say about it, and what resources are necessary to avoid DDoS attacks without it!

Better delivery and avoids exposing your IP via emails, although it’s best to setup a some sort of tunnel to avoid having that problem altogether.

Is it possible to have a public-facing instance without exposing your IP? I am not sure I understand that part, and I am very interested in understanding how to achieve that.

consider using an email delivery service like jetmail instead of sending mail directly from the instance

Why is this better? To overcome spam filters, or is there some security risk associated with e-mails?

A few years ago the plain text passwords would show up in the logs. That has been changed since then, but a malicious instance admin can easily revert this change and keep a log of plaintext passwords.

A developer explained to me that adding client-side hashing would be problematic because different clients might do the hashing in different ways, and that the desired solution is to add OAuth at some point. There is also a bit more discussion about this in that thread: https://lemmy.ml/comment/97830

I lack the technical knowledge in client-side hashing to explain why this is the case, but as far as I can tell client-side hashing is not common at all. The standard is to hash the passwords server-side.

I do think that it is important to be aware of what a malicious instance admin can potentially do: they can log your plain-text password, see your e-mail and correlate it to your IP, look at what posts you like/dislike, and read your non-encrypted private messages. But these are not “Lemmy” problems, as these are general issues when it comes to trusting the servers of the sites that you create an account in.

An important benefit of Lemmy is that you can actually set up your own server or use the server of someone who you really trust, and you can use it to interact with the rest of the instances. It is also possible to create an account without providing an e-mail, a phone number is not required, and you can usually access instances via a VPN or Tor. These are not a common luxuries when it comes to other sites.

Using unsafe passwords is dangerous in a lemmy instance, but it is dangerous anywhere.

Strange. I can pull it from Mander (https://mander.xyz/post/645346), so I was not able to diagnose the problem by monitoring the logs. I could also pull it from feddit.de

I confirm that I can’t pull it from lemmy.ml, sopuli.xyz, lemmygrad.ml, nor beehaw.org but without looking at their logs it is difficult to diagnose what is going on. Sorry :/

I was able to pull posts from your instance without problem (https://mander.xyz/post/645330)

If you give me a specific example I can look at it!

I can’t tell you why this happens, but I can tell you that if you search - click somewhere to go to another page - and then search again for the same url, then the post should appear. I think that the first search will fetch the post but not display it, and the second search it will display it.

Hi! I’ve checked and federation with your instance appears to be working properly.

For content from another instance to fetched, a person in your instance has to be subscribed to the community in which it is posted in the other instance. As an admin I try to browse other instances and subscribe liberally so that I can pull content into mine.

Likewise, for your content to be fetched to another instance, you need a user from that instance to be subscribed to the community in your instance.

If you search for a specific post, the content of that post will be pulled into the instance from which it is searched, but you need a subscriber to pull new posts.

I hope that makes sense.