freamon

Speaking of being needlessly destructive with stupid bots, these duplicates of other user’s posts don’t even register as cross-posts anymore (due to image proxying).

Exactly that, yeah. Thank you for the link.

It’s straight-forward enough to do in back-end code, to just reject a query if parameters are missing, but I don’t think there’s a way to define a schema that then gets used to auto-generate the documentation and validate the requests. If the request isn’t validated, then the back-end never sees it.

For something like https://freamon.github.io/piefed-api/#/Misc/get_api_alpha_search, the docs show that ‘q’ and ‘type_’ are required, and everything else is optional. The schema definition looks like:

/api/alpha/search:
    get:
      parameters:
        - in: query
          name: q
          schema:
            type: string
          required: true
        - in: query
          name: type_
          schema:
            type: string
            enum:
              - Communities
              - Posts
              - Users
              - Url
          required: true
        - in: query
          name: limit
          schema:
            type: integer
          required: false

required is a simple boolean for each individual field - you can say every field is required, or no fields are required, but I haven’t come across a way to say that at least one field is required.

PieFed has a similar API endpoint. It used to be scoped, but was changed at the request of app developers. It’s how people browse sites by ‘New Comments’, and - for a GET request - it’s not really possible to document and validate that an endpoint needs to have at least one of something (i.e. that none of ‘post_id’ or ‘user_id’ or ‘community_id’ or ‘user_id’ are individually required, but there needs to be one of them).

It’s unlikely that these crawlers will discover PieFed’s API, but I guess it’s no surprise that they’ve moved on from basic HTML crawling to probing APIs. In the meantime, I’ve added some basic protection to the back-end for anonymous, unscoped requests to PieFed’s endpoint.

The best way to provide ! links that work for the most people is just to type them out as plain text, not as a hyperlink to anything.

So, these communities can be found at:

!roughromanmemes@piefed.social

!politicalcompassmemes@piefed.social

!inhabitedbeauty@piefed.social

!tankiejerk@piefed.social

!historyphotos@piefed.social

!historyart@piefed.social

!historyartifacts@piefed.social

!historyruins@piefed.social

!shermanposting@piefed.social

!noncredibledefense@piefed.social

Also, from what I can tell, they haven’t been moved using PieFed’s community migration facility (which squishes the old remote community into a new local one and retains the history (e.g. like what happened with like !casualconversation@piefed.social ). These are just brand new communities, starting from scratch.

I’ll just remove the ‘freamon’ one when the auto-generated one is up to date.

The manually-generated one had 5 missing routes, which I’ve since added.

The auto-generated one at crust has about 48 missing routes. It’s the right approach, and I’ll help out with it when I can, but - for now at least - it makes no sense to redirect people to it (either automatically or via a comment).

Some thoughts for @wjs018@piefed.social

/site/instance_chooser probably doesn’t need to be a route. It’s just the data format returned by /site/instance_chooser_search. As a route, it’s returning the instance info for the site you’re querying, so if you want to keep it as a route, it should probably be called /site/instance_info or something.

In the query for /site/instance_chooser_search, nsfw and newbie are both booleans. With the rest of the API, these are sent as ‘true’ or ‘false’, but they are ‘yes’ and ‘no’ for this route. The newbie query should probably be newbie_friendly In the response, monthsmonitored should probably be months_monitored

There’s no way to exclude communities for the response to /topic/list and /feed/list: If you don’t put ‘include_communities’ in the query, it’s defaults to True, but if you put ‘include_communities=false’ in the query it ends up being True also (because the word ‘include_communities’ is in the data).

Your link is broken.

It’s probably not worth editing (vs. deleting), 'cos the video is also linked to in !games@lemmy.world, !gaming@lemmy.ml and again in this community too (a minute after you).

I’d be wary of getting a conversation node from anybody other than the original author (as described in the second approach).

There’s a reason why, if you want to resolve a missing post in Lemmy, etc, you have to use the fedi-link to retrieve it from its source, not just from any other instance that has a copy (because, like the “context owner”, they could be lying).

For Group-based apps, conversation backfill is mostly an issue for new instances, who might have a community’s posts (from its outbox), but will be missing old comments. Comments can be automatically and recursively retrieved when they are replied to or upvoted by a remote actor, but fetching from the source (as you arguably should do) is complicated by instances closing (there’s still loads of comments from feddit.de and kbin.social out there - it will be much worse when lemm.ee disappears). So perhaps Lemmy could also benefit from post authors being considered the trusted owner of any comments they receive.

What is the update delay for Fediseer?

I don’t know. It’s not something I’m familiar with - it might just default to saying ‘closed’ if it doesn’t have the data.

It’s interesting that the obvious bot accounts on those instances were set up in mid-March last year, so I’m guessing that these are somebody’s army that they’ve used before, but overplayed their hand when they turned it on the DonaldJMusk person. The admins can reasonably be blamed for setting up instances with open registrations and no protections and then forgetting about them, but I’d be wary of blaming them for being behind the attack directly. The ‘nicole’ person is unlikely to have used their own instance - it’s probably just someone with the same MO as whoever owns the bots, finding and exploiting vulnerable instances.

lemmy.world recently updated from version 0.19.3 to 0.19.10. This change - for Lemmy communities to federate out posts with the community name as a hashtag - was introduced in 0.19.4, so that might be the other reason why this has only just become an issue for you.

The attacker seems to be the admin of those two instances. Both instances have their registrations closed.

The alternative theory would be that these instances had open registrations, but rightly closed registration down after the admins noticed the bots. chinese.lol is on 0.18.4 with an admin with a 2 year old account, lemmy.doesnotexist.club has an admin with a 1 year account, and it was also that instance that the ‘nicole’ person has used before. This downvote attack would need to be a long time in the planning for what you’re suggesting to be true.

There’s an open issue for that kind of thing here: https://github.com/LemmyNet/lemmy/issues/818

If you don’t already know, loads of the images attached to your posts were deleted by accident: https://github.com/LemmyNet/lemmy/issues/5560

There’s a user who cross-posts lots of stuff from ML, and when the admin banned him, it nuked your images too (because both your posts and his posts were pointing to the same image).

I don’t think that blog author is male, btw.

I noticed that a new community - !fedistream@lemmy.world by @Cattail@lemmy.world - has been launched, so maybe there’s been an increase that at least one other person has noticed.

I think that’s what he meant, yeah (no existing DB migration scripts, etc). I don’t know much about it, but I imagine it was probably always going to involve someone more familiar with Lemmy diving into the trenches.

TV shows and movies are already compressed. If you try to compress something that’s already compressed, it typically ends up bigger if anything.

He’s mentioned this before, but I’ve never been able to find an actual PixelFed Group (it doesn’t appear to be the same thing as what they call Collections). I’ll have another look when pixelfed.social enables them this weekend (but I suspect parsing titles for the posts will be a nightmare).

Also, ‘smithereen’ is tagged but I’m not sure of its status (all I found was 1 private instance run by the dev, federated with 1 “explicitly-free-speech” Akkoma instance).

Clarkson has been trying to warn us for years, and we haven’t been listening. He punched a producer when his dinner wasn’t on time, to highlight the impending delays to food deliveries after Brexit. He left the BBC to work for Amazon, presenting a show that was a shadow of it’s former self, to illustrate how billionaires diminish everything they touch.

He couldn’t be clearer with his messaging, but the UK continues to ignore him.

You don’t need to apologise. I wasn’t trying to give you a hard time (sorry if it seemed like that). The remote posts I linked to in my earlier comment have now gone (maybe I was being given a cached version before - that’s a possibility I often forget about).