On Digg there’s some drama because someone registered the community “/wallstreetbets,” and the admins took it from him and gave it to one mod of the subreddit “r/wallstreetbets.”
One day later I see this discussion about how Reddit registered trademarks for some high-profile subreddits.
This could be relevant for the Threadiverse.
It’s also a hypothetical, not the actual reality.
If it ever becomes a problem then it requires editing a single line of code (which could easily be setup to read a user-specified location if the complainer wants to change things). It takes 45 seconds to locate the changes: https://github.com/LemmyNet/lemmy/commit/8c2303a1e7b784689471a6670a28354b7dff82ad#diff-8a74e1aa82158c28d9695f1f124a49078129391eee455cc691aa330ad11664d5 in build.rs
Complaing about Lemmy while not doing anything to contribute to fixing the problem shows that some people are mentally stuck in Reddit and don’t understand open source processes.
There’s no product manager being paid to scan social media looking for complaints to relay to development.
If someone notices a problem or has a problem with the design then the answer is to create an issue on the issue tracker for the project. It’s even better if you edit the code how you think it should be and include a pull request.
The answer isn’t to misrepresent changes or discussion from the issue tracker in order to stir up anger and outrage.
In the FOSS world, if you want things to change then go change them.
Being aware of the practices going on inside of the codebase seems like something that we agree on. As for an actual solution… go ahead and make a fork if you want then, or perhaps provide a fully-coded solution and see if they will replace their code with yours - for me I’ve switched to PieFed.
Yeah, for sure. Be aware, make your point known and offer alternatives… in the project that you want to change.
Stirring shit on social media isn’t contributing.
Create an issue in the issue tracker is free and takes as much time as writing a post on social media.
This specific issue is something that is 1. Not an issue because the hypothesized ‘attack’ that’s available to lemmy.ml using this system is not being done and, if it was, would be easily detectable. 2. Trivial to change for any instance owner who wants to make another instance the source of their initial community grab. This code is ran once, when the instance first stands up, in order to receive a list of communities to populate the ‘Communities’ tab at the top and after that uses the exact same system as every other instance for adding and removing items from that list based on the local user’s subscriptions. It has no impact on existing servers or communities.
The impact of this issue is currently non-existent and relies on a hypothetical situation that isn’t occurring. If the bar is that low for someone so that they will crash out on social media and swap projects, well that someone is going to be very busy swapping projects… because the FOSS world has an endless source of technical quibbles like this.
You can do whatever you please? I already included a link to a conversation between the Lemmy developers, who are also the instance admins of lemmy.ml, and the admins of another instance, where the Lemmy developers responded so they are already aware.
I would like to do as I please too, therefore I shared some knowledge in response to the wording of “The Fediverse doesn’t work like that”, pointing to an occasion that I know where the Fediverse very much does work like that, sometimes. After that… somehow the goalposts kept getting shifted.
The goalposts didn’t shift, you started talking to a different person.
This person says that this issue is small, the impact of exploiting this system would be minor (if it ever happened), and the hypothetical attack on this subsystem is also demonstrably not occurring.
Therefore, treating this issue as if it were some sort of red-line issue or, really, even worth discussing outside of the context of the project itself (where changes can actually be implemented) is misrepresenting reality.
As to your direct point, it wasn’t my point but I do agree with it so I’m happy to directly address your argument.
The quote you seem to take issue with was :
Or, more plainly:
The Fediverse doesn’t allow a single user to scoop up all of the similarly named/themed communities and use that power to dominate those topics of conversation.
Your reply:
Your reply references code affecting the Lemmy server instance, that runs once on server instantiation, which uses lemmy.ml as the source to populate the list of communities that users of the new instance will see when they click the ‘Communities’ link at the top. This is true.
Your inference that lemmy.ml has the ability to veto what communities are allowed to be acknowledged as existing to new instances is a bit of hyperbole. Lemmy.ml is the source of the initial list, true.
But new instances acknowledge communities existing regardless of those community’s status with lemmy.ml. The moment that a single user reads a single comment in a community that isn’t on the initially seeded list, then it appears in the new instance’s community list regardless of the status of that community on lemmy.ml.
If we were a security researcher and were analyzing the scope of this problem we would consider that
This only affects new instances, so the vast population of Lemmy as it stands now, is not affected by this code at all. Only a hypothetical future population.
The list on lemmy.ml is not treated as authoritative. Outside of the initial values, lemmy.ml is not checked for any other functions related to adding or displaying communities
Any attempts by lemmy.ml to game this system are both not happening and also easily detectable as the list is public and can be compared to other instances.
So, this veto power isn’t being used. If lemmy.ml were attempting to leverage this power, it would be detectable. In the worst case, if were actively being exploited then it would affect very few people(none of the current Lemmy community), and the people that it did affect are impacted only until a user reads a comment or post from a ‘vetoed’ community.
Also, this is an open source project so saying things like:
Simply make no sense at all.
You can change it. Any admin who thinks it may be a problem can change it. I linked to the exact section of code where you can just change the URL and compile the .rs file again to use a different instance.
You could change it so that the URL is read from the options file that the administrator sets prior to launching the instance. You could also submit that as a PR so that future administrators could just apply your patch (independent of it being accepted by Lemmy) because that’s how open source development works. That’s what the quote that you provided means:
It sounds dismissive, because it is. This isn’t a product, you’re not a consumer. You’re going to people who donate their time and telling them to do work in a way that you want it done. They may agree, and you may be able to make good arguments to convince them but if they don’t, then brigading social media or spamming their issue tracker with requests isn’t going to get it done.
If you don’t like it fork it and fix it. It is a fundamental concept in open source software that you can always fix problems that you see and other people can use your fixes regardless of what the project thinks. If you think the project is going in the wrong direction then you are perfectly within your rights to take a copy of the code and develop it in your own way and if you can find other people who believe like you do then they can use your changes as they see fit.
But going online and misrepresenting the risk of some code update that you disagree with by exaggerating the scope of the problem isn’t how you get anything done except creating needless drama.