cross-posted from: https://jamie.moe/post/113630

There have been users spamming CSAM content in !lemmyshitpost@lemmy.world causing it to federate to other instances. If your instance is subscribed to this community, you should take action to rectify it immediately. I recommend performing a hard delete via command line on the server.

I deleted every image from the past 24 hours personally, using the following command:

sudo find /srv/lemmy/example.com/volumes/pictrs/files -type f -ctime -1 -exec shred {} \;

Note: Your local jurisdiction may impose a duty to report or other obligations. Check with these, but always prioritize ensuring that the content does not continue to be served.

Update

Apparently the Lemmy Shitpost community is shut down as of now.
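
A more cautious form of the purge command from the post, as an added example that is not part of the original post: it counts the matching files as a dry run before anything is destroyed, and passes `-u` to `shred` so files are unlinked after being overwritten (plain `shred` overwrites the contents but leaves the files in place). The function names and the `PICTRS_FILES` variable are hypothetical; GNU find, xargs and shred are assumed.

```shell
#!/usr/bin/env bash
# Added example: purge recently cached pict-rs files, dry run first.
# PICTRS_FILES defaults to the example path used in the post; adjust it
# to your own volumes/pictrs/files directory.
PICTRS_FILES="${PICTRS_FILES:-/srv/lemmy/example.com/volumes/pictrs/files}"

# list_recent DIR MINUTES
# Print, NUL-separated, regular files whose inode change time is less
# than MINUTES ago. "-cmin -1440" covers the same window as "-ctime -1".
list_recent() {
    local dir="$1" minutes="$2"
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    case "$minutes" in
        ''|*[!0-9]*) echo "minutes must be a whole number" >&2; return 2 ;;
    esac
    # -xdev keeps find on one filesystem so a stray mount is never touched.
    find "$dir" -xdev -type f -cmin "-$minutes" -print0
}

# count_recent DIR MINUTES
# Count matches by counting the NUL terminators, so odd file names are safe.
count_recent() {
    list_recent "$1" "$2" | tr -cd '\0' | wc -c | tr -d ' '
}

# purge_recent DIR MINUTES [--force]
# Without --force: report how many files would be destroyed and stop.
# With --force: overwrite, zero and unlink each file, then prune the
# directories that were left empty.
purge_recent() {
    local dir="$1" minutes="$2" mode="${3:-}" n
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    n="$(count_recent "$dir" "$minutes")"
    if [ "$mode" != "--force" ]; then
        echo "dry run: $n file(s) under $dir changed in the last $minutes min" >&2
        return 0
    fi
    # -u unlinks after overwriting; -z adds a final pass of zeros.
    # Overwriting in place is not guaranteed on copy-on-write or
    # journaling filesystems, or on SSDs (see the shred manual).
    list_recent "$dir" "$minutes" | xargs -0 -r shred -u -z --
    find "$dir" -xdev -mindepth 1 -type d -empty -delete
    echo "purged $n file(s) under $dir" >&2
}

# Typical use, as root on the Lemmy host:
#   purge_recent "$PICTRS_FILES" 1440            # dry run, last 24 hours
#   purge_recent "$PICTRS_FILES" 1440 --force    # destroy the files
```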

@enbee@compuverse.uk

big F in chat for those of you dealing with this. my #1 fear about setting up an instance.

@jeffw@lemmy.world

It impacts everyone when this shit happens. It takes time for mods/admins to take down. And you can’t unsee it.

I hope nobody else has the misfortune of stumbling on that shit

Bleeping Lobster

There have been studies which found playing tetris for an hour or two after seeing something traumatic can prevent it taking root in our longterm memory.

I tried it once after accidentally clicking a link on reddit that turned out to be gore, I can’t remember exactly what it was now (about 9 months later) so it must have worked

@jeffw@lemmy.world

This advice is a few hours too late for me. Hope it helps others

@GBU_28@lemm.ee

Don’t worry, life will hold many more traumas

Rentlar

Cue Homer Simpson: This is the worst thing you’ve seen in your life so far

Bleeping Lobster

I just posted an article explaining the study to the ‘You Should Know’ community, so hopefully some of the people who need to see it do so

@Haui@discuss.tchncs.de

That’s pretty genius. One way to work with trauma is moving the eyes from side to side along to a moving light. It’s basically to force the brain to work through something that used to stall it. So tetris, since it is highly reactive and logical, also needs spatial thinking, should very much force the brain to work instead of stalling.

@thrawn@lemmy.world

Yeah you really can’t. I’m pretty desensitized from earlier internet with death and other shock gore content but had managed to avoid CSAM until today. It was a lot worse than I expected, felt my heart drop. Worse, my app autoplays gifs in thumbnail so it kept going while I was reporting it.

I’ve mostly forgotten and it wasn’t on my mind until I saw this thread (happened less than 24hr ago) but even the slightest reminder is oddly upsetting. Wish I’d thought of the Tetris thing.

What’s CSAM?

@Akasazh@feddit.nl

Child sexual abuse material

@pory@lemmy.world

Child sexual abuse material - underage porn. For obvious reasons, you don’t want this to be something you’re hosting automatically out of your basement server.

@ExLisper@linux.community

That’s what I thought. Back in my days it was called CP.

I’ve been listening to the audiobook for American Prometheus: The Triumph and Tragedy of J. Robert Oppenheimer and the number of times they say “CP” as an abbreviation for “Communist Party” is too damn high.

Also last time I went to the amusement park Cedar Point they’ve got “CP” as an abbreviation on all sorts of stuff.

Made me chuckle, but I do think it’s perhaps time to move to the abbreviation CSAM since it’s less likely to get used for other purposes.

Youtube literally flat banned any channel with CP in it. Regardless of what CP actually stood for, like say combat power in pokemon go… Lots of bigger YouTubers got hit with account closures for like a week before it got reversed.

https://www.techspot.com/news/78814-youtube-bans-several-pokmon-go-channels-over-mistaken.html

CSAM is an objectively better name.

‘Porn’ implies consent.

In what world would anyone think that CP implies consent? I mean, the word ‘child’ is right there. Do you think that the term ‘child soldiers’ implies consent? I don’t have anything against the term CSAM but if it was created because of doubts around consent it was a silly reason to create it.

@barsoap@lemm.ee

I think it has less to do with the existence of non-consensual porn as with the possibility and, indeed, existence of vast amounts of consensual porn. Consent is very much possible in adult porn, it isn’t with CSAM. It’s also possible with soldiers, though of course conscription exists and ask a random Ukrainian they’d rather not have to be a soldier for their loved ones to be protected.

@Microw@lemm.ee

The term originates from professionals - psychiatrists etc - who work in that field, because they knew even decades ago that “pron” is the wrong word for this kind of material.

I think it’s more likely some people working in those fields wanted to improve their career by popularizing a new term.

There’s a lot of porn that wasn’t made consensually either. I don’t care what we refer to csam as but I think it’s important to acknowledge that.

Hangry

Just google it.

Edit: Not Safe For Life

I kind of suspected it’s better not to google it at work.

deleted by creator

Catasaur

Self hoster here, im nuking all of pictrs. People are sick. Luckily I did not see anything, however I was subscribed to the community.

  • Did a shred on my entire pictrs volume (all images ever):

sudo find /srv/lemmy/example.com/volumes/pictrs -type f -exec shred {} \;

  • Removed the pictrs config in lemmy.hjson

  • removed pictrs container from docker compose

Anything else I should do to protect my instance, besides shutting down completely?

There was a weird JSON error I was getting in the last few minutes. I’m not sure if this is at all related.

@slug@lemmy.world

i’d love for a good tech journalist to look into how and why this is happening and do a full write-up on it. come on ars, verge, vice

The Picard Maneuver

So, from memory there has been:

  • This recent attack
  • Regular DDOS attacks
  • Frequent attempts to spam community creation
  • That one time the instance got hacked and set to redirect to shock sites

Am I missing anything?

This seems like more than just a few trolls. Maybe someone really doesn’t want to see user-owned social media take off.

Scrubbles

I see where you’re going with this, but no, people really are just absolutely horrible. The fact is that with other social media they’re just already very set up in managing this so we never see it. Lemmy wants to be open, this is the flipside of that openness.

@kromem@lemmy.world

It’s generally easy to crap on what’s ‘bad’ about big players, while underestimating or undervaluing what they are doing right for product market fit.

A company like Meta puts hundreds of people in foreign nations through PTSD causing hell in order to moderate and keep clean their own networks.

While I hope that’s not the solution that a community driven effort ends up with, it shows the breadth of the problems that can crop up with the product as it grows.

I think the community will overcome these issues and grow beyond it, but jerks trying to ruin things for everyone will always exist, and will always need to be protected against.

To say nothing for the far worse sorts behind the production and more typical distribution of such material, whom Lemmy will also likely eventually need to deal with more and more as the platform grows.

It’s going to take time, and I wouldn’t be surprised if the only way a federated social network eventually can exist is within onion routing or something, as at a certain point the difference in resources to protect against content litigation between a Meta and someone hosting a Lemmy server is impossible to equalize, and the privacy of hosts may need to be front and center.

@Zeth0s@lemmy.world

The solution in this case is absolutely AI filters. Unfortunately you won’t find many people willing to build a robust model for that. Because they’d be those getting the ptsd you mention.

@Haui@discuss.tchncs.de

Iirc, ptsd is something only certain characters get. We should probably focus on finding people who really have no problem watching rough content. I have ptsd so I probably am not the right person for the job.

@Zeth0s@lemmy.world

I don’t want to try. I have pretty low barrier. I set up NSFW filter on lemmy because I found disturbing the furry content that was common some time ago… I don’t want even to try anything worse than that

@Haui@discuss.tchncs.de

Can absolutely relate. Just seeing nsfw if you’re not anticipating it is very weird.

NaN

It is very reminiscent of the trolls in the earlier web.

CrimeDad

I’m not subscribed to that community, but I guess I’m glad Pictrs doesn’t work for me, since I am using the Yunohost version of Lemmy. The creators of the Yunohost package couldn’t get it to work. I haven’t really missed it honestly.

Dandroid

Can you run lemmy without pictrs? What behavior is different?

CrimeDad

It just means that you can’t upload pictures, including banners or avatars. However, when I want to create an image post, I just make the post on Pixelfed and then mention the Lemmy community I want to post to at the bottom of the post body. Supposedly there’s a way to reference a remote image for a banner or an avatar, but I haven’t figured that out yet.

I am using the Lemmy easy deploy, would this command work?

You’ll need to find where the actual container files are being stored. I’m unfortunately not familiar with Lemmy Easy Deploy, but you should have a folder that has some files/folders like docker-compose.yml, volumes, lemmy.hjson.

The important one is the volumes/pictrs/files folder, take the full path of that folder and replace it with the /srv/lemmy/example.com... path from the original post, and then that command should work.

john armoredcore

As far as I know, images should not be federating to federated instances, right? Image proxying is supposed to be added to pictrs version 0.5.0 but it is still in alpha.

hitagi

Images do sometimes. At least in my instance they do. See this post for example. There’s a local copy stored in my server.

edit: I’m running pict-rs 0.4.2

john armoredcore

I get it. Thumbnails are cached. Thanks.

hitagi

Not just the thumbnail. The full image is cached. There’s a PR request to disable thumbnail caching but not the full image.

Dandroid

I got lucky. I am not subscribed to this community, and I am the only person on my instance. But what if I was subscribed and hadn’t seen this post? This is too much responsibility for me.

I just shut down my instance until we can disable cached images. If that never happens, then I’m not bringing it back up.

Shout-out to https://github.com/wescode/lemmy_migrate. I moved my subscriptions over in a minute or two, and now, other than not having my post history, it’s exactly the same.

gabe [he/him]

It is coming, don’t worry.

Scrubbles

Do we have a PR or issue tracking that? That’s a pretty major item I’m looking forward to

Scrubbles

Good, hopefully next release

Someone is trying really hard to hurt Lemmy by continually attacking the most popular instance. Is this all coming from right-wingers upset that their nazi instances were defederated across basically the whole fediverse?

The simplest explanation is 4chan types just doing it for the lulz.

t�m

Could be, I’m surprised /g/ didn’t create an instance

Their knowledge stops at creating sway screenshots.

L3ft_F13ld!

I’m sure someone’s already created a logo. But, that’s as far as they ever get.

The Picard Maneuver

deleted by creator

I wouldn’t put it past the hexbear crazies throwing a tantrum. They claim to be left wing… Sure seem more like fascist trumper types though. Maybe it’s just that they’re all incels and incels all seem about the same.

JKLIWGTTSGGH

deleted by creator

@Fylkir@lemmy.sdf.org

Throwing a tantrum about what exactly? They’re one of the oldest-running Lemmy instances. Until now they were running a fork based on a pre-Federation version of the codebase.

You believe they did a bunch of work migrating their database only to then negate that work by destroying the community they wanted to Federate with?

Big difference between a few users who did a bunch of work and the toxic goonsquad the majority of the userbase turned into.

Rentlar

At least a handful of users on hexbear had made their intention clear during the first week of re-federation, they were looking to cause chaos on Lemmy for their own pleasure. I don’t know if they were banned and/or their comments deleted.

maegul (he/they)

Well something to keep in mind is that hexbear isn’t one person … it’s a whole community that’s developed independently for a while. So it’s reasonable to expect that there’d be variation in the behaviours of members in the same way there’s variation on the rest of lemmy. From what I’ve gathered, not all hexbear members are keen on the re-federation, and some aren’t too keen on being “well-behaved” around politically opposed users (ie “libs”), though hexbear admins and other users have promised moderation and that such isn’t part of the core hexbear values.

It’s social media, after all … and people can be rather shit and ruin it for the rest of us. In the end, the core service provided by a social media platform isn’t the hardware, sys-admin-work or software (however necessary they are) … it’s the moderation work.

The moderation keeps the place sanitary enough for people to actually want to be here … however much we may have problems with particular actions of our moderators, we should really support and praise them at every turn.

maegul (he/they)

they’re all incels and incels all seem about the same.

Downvote from me there. I’ve seen plenty of examples of hexbear people being nice, interesting and good sports. They definitely seem to have more of shitposting culture than is normal on mainstream lemmy. But all in all it’s seemed fun to me from what I’ve seen.

Beyond all that, this is just superficial and prejudicial. If you had some examples to link to or more substantial insights to share as to why it’d be “them”, that’d be worth reading.

Otherwise, they’re an instance. Not one person, I’m sure some on hexbear are assholes and some awesome.

So, so shocked it’s someone from lemmygrad that is defending the notoriously toxic “communist” tanky trollfest instance.

maegul (he/they)

Sorry, not from lemmygrad. And I’m on lemmy.ml because I joined before the Reddit migration and “Privacy and FOSS” (the focus of lemmy.ml) made a lot of sense for a lemmy instance/community.

Beyond that … more superficial, prejudicial hate mongering without any description of why or for what purpose. Sorry, I don’t think it’s worth reading … a downvote from me … and, just being real for a moment … at the moment it’s more likely that you’re a member of a “notoriously toxic … trollfest”.

Ironically, IME, I’ve seen significantly more troll-like tankie hate than I do tankie-trolling. I keep asking for receipts/links to tankie trolling here, as I’m genuinely curious to see it and understand what people are so upset about (please don’t explain to me what’s so upsetting unless it’s culturally thorough or coupled with some links+descriptions) … but no one has been able to do so.

@zephyreks@lemmy.ca

Most people from hexbear provide sources, which is better than can be said for all the tankie hate.

@MataVatnik@lemmy.world

This makes the most sense to me. It’s a pretty vitriolic attack, therefore I don’t think it’s simply a troll while at the same time I don’t believe it’s any corporate social media.

My tin foil hat is telling me it’s one of the other social media companies funding a hacking group to do it. They stand to have the most to lose, and they’ve seemingly decided to enjoy changing the narrative regarding multiple topics. Lemmy stands directly against what the bigger social medias stand for.

I have no evidence to back this though. As a business owner I just know that things become very consistent when people are being paid, and very inconsistent when they aren’t. These attacks are seemingly very consistent/organized.

The Picard Maneuver

There must be room under that tinfoil hat for the both of us, because this was my first thought too.

GONADS125

The longer it continues, the more likely that scenario is IMO. Bitter alt-right extremists would probably start losing interest after a short while, whereas social media competitors would stand to gain from long-term interference.

Come on in! There’s cookies.

phillaholic

You think a company that is poised to go public is going to attack a competitor with a minuscule amount of traffic with extremely illegal material that could put them in prison for even having?

Norah - She/They

See, I don’t believe this was done by a large corp. But all the DDoSing that’s happened? I can see u/spez orchestrating that.

phillaholic

Lemmy isn’t a threat to Reddit. It’s the same old trolls doing it like every other time.

Norah - She/They

I don’t think they do see it as a threat, I just think spez is petty enough and juvenile enough to do it.

Norah - She/They

Like, again, I pretty solely think it’s spez’s own personal ego shit. For example, he could have just shutdown the API. Instead, he had a weeks-long meltdown including committing libel against a developer. Someone like Zuckerberg doing this doesn’t make any sense to me, but I can totally see spez being exactly that kind of petty.

You would pay a third party to do it. And keep details extremely vague so you have plausible deniability.

phillaholic

Just No, it’s nonsense.

Reddit? No. I was thinking moreso Meta. They have the deeper pockets and a proven track record of breaking privacy laws to their own benefit.

@orizuru@lemmy.sdf.org

Meta was talking about adding Mastodon federation to their Threads app. So I very much doubt it.

They’d probably take an Embrace, Expand, Extinguish approach.

phillaholic

That’s even worse. Meta probably doesn’t even know what Lemmy is.

@fsmacolyte@lemmy.world

So then why was Meta trying to get Threads to be on the Fediverse? Of course they’re aware of any potential threats, no matter how small.

phillaholic

Why reinvent the wheel if someone’s just going to hand you the backend? Lemmy is no threat to them.

@fsmacolyte@lemmy.world

The threat is a new sustainable community that’s sheltered from advertising that people could leave Factbook/Instagram/whatever and go to.

I’d go with state actors first.

When a particular social media platform is centralized, you can buy yourself a say percentage of stock and have sway over it (cough tencent), or have a useful idiot ruin the platform (cough musk), or another useful idiot to run propaganda you like anyway (cough truth social, cough fox news, cough newsmax…), or yet another that will sell out its host country’s citizens for cold hard cash (cough facebook).

But when that social media platform is decentralized? Well, then you’d need to figure out how to poison the well early on to stave off adoption. The Saudi Arabias, UAEs, Chinas definitely don’t like the idea of lemmy, and it’ll be way harder for them to control if critical mass is hit.

You don’t get a lot of upvotes and sure we don’t know but it isn’t like the NSA infiltrated (in person) left wing groups and more.

It’s definitely a possibility that someone doesn’t like decentralised content enough to put some meager efforts against it.

Yep, that’s a great point.

Add to that the fact that mainstream social media companies wouldn’t touch DDoS and CSAM attacks with a 100-foot pole, even if they contracted with a third party. Both of these attacks are highly illegal and would surely ruin a publicly traded company (or one that’s trying to go public, like Reddit).

And don’t forget Russia in your list of state actors who are threatened by the unrestricted flow of information. They definitely don’t want their citizenry to be informed of how disastrously their invasion of Ukraine is going, or what a murderous scumbag Putin is.

@Steeve@lemmy.ca

You have a massively inflated view of Lemmy’s importance in the social media market.

Considering all the alt-right garbage that was popping up there the last couple of days this seems at least plausible. I sometimes envy their ability to utterly destroy anything they touch.

@SeducingCamel@lemm.ee

I’m sure you’d love to link to some examples

See people claim this constantly with no proof

@Ep1cFac3pa1m@lemmy.world

You want me to link posts that the mods removed? That seems like an unrealistic expectation. You could always check the post pinned to the top of lemmyshitpost where they describe the recent problems, but I suspect you didn’t ask for proof in good faith

@SeducingCamel@lemm.ee

Ah that’s actually my bad, I thought you were replying to a different comment in reference to hexbear

I checked and there shouldn’t be any images stored on the server when running lemmy 1.18.4. The post was made in high emotional distress and shouldn’t be taken at face value. If the posts are bothering you I advise purging the posts in question. (I have already done that)

hitagi

How did you check this? From my understanding, images from external servers are copied (and transcoded) over locally. At least in my server (running 0.18.4), they do.

There is a possibility that my instance is buggy and it isn’t caching images even though it should.

hitagi

It’s pretty inconsistent from my experience. Sometimes images do cache and sometimes they don’t.

edit:

Here’s an example from my instance:

https://ani.social/post/284147 - JPEG image that isn’t copied/cached by my server.

https://ani.social/post/285861 - WEBP image copied/cached by my server.

Rentlar

Let me try to figure this out. The first is a photo uploaded to lemmy.world, the second is a photo originally uploaded to lemmy.nz, both posts are in a federated version of lemmy.world’s shitpost community.

This is just a theory, but perhaps images hosted on the same server as the federated community will directly link, whereas images uploaded somewhere other than the federated community will be copied into cache, presumably in case the original host shuts down unexpectedly? See if this is the case?

hitagi

images hosted on the same server as the federated community will directly link

https://ani.social/post/288601 - This image is uploaded from a user on the same instance as the federated community (lemmy.world) but the image is cached.

images uploaded somewhere other than the federated community will be copied into cache

https://ani.social/post/285354 - This image is uploaded from a user on a different instance (lemm.ee) from the federated community (lemmy.world) but the image is not cached.

The behaviour is pretty weird. Hopefully we can disable image caching/copying-over-locally so we don’t have to deal with problematic images hosted by other instances.

I shut down the pictrs or whatever docker container on my instance so all I host is containers and the database. All the images that I see on my instance are external links. I can check by just looking at the rendered HTML.

https://files.catbox.moe/vm4yxl.png

It depends on how the image is posted, the thumbnails might get federated. If the image is used in a post/comment body, usually the thumbnails are not federated.

hitagi

You can refer to this post. The full image is copied to my instance (and transcoded). Not just the thumbnail.

Jamie
creator

I’m on 1.18.4, once I deleted the most recent images, the former CSAM posts (among others) became broken images. So yes, it was pulling from local disk cache. Then I took care of the posts themselves after the content was invalidated.

@Rearsays@lemmy.ml

Likely Spez’s personal jailbait collection

Neuromancer

If the source deletes the post, won’t that remove it from all the instances?

@soren446@lemmy.world

deleted by creator

Neuromancer

That sounds like a feature request.

@idle@158436977.xyz

I went ahead and just deleted my entire pictrs cache and will definitely disable caching other servers’ images when it becomes available.

Anyone know if this work is tracked anywhere? I’m suddenly really suspicious of continuing to run my own instance.

hitagi

https://github.com/LemmyNet/lemmy/pull/3897

It does say “thumbnails” but as far as I know, Lemmy (or pictrs) makes a copy of the full image too. I don’t know if this PR includes full images.
