After a year online the free speech-focused instance ‘Burggit’ is shutting down. Among other motivations, the admins point to grievances with the Lemmy software as one of the main reasons for shutting down the instance. In a first post asking about migrating to Sharkey, one of the admins states:
This Lemmy instance is much harder to maintain due to the fact that I can’t tell what images get uploaded here, which means anyone can use this as a free image host for illegal shit, and the fact that there’s no user list that I can easily see. Moderation tools are nonexistent on here. It also eats up storage like crazy due to the fact that it rapidly caches images from scraped URLs and the few remaining instances that we still federate with. The software is downright frustrating to work with, and It feels less rewarding overall putting effort into this instance because it feels like we’re so isolated.
A few weeks later, in the post announcing that Burggit was shutting down, another admin says the same:
The amount of hoops that burger has to go to in order to bring you this site is ridiculous. To give you an idea of how bad this software is, there’s no easy way to check all the images uploaded to the site (such as through private messages). When the obvious concern of potential illegal imagery is brought up to lemmy devs, they shrug and say to plug in an expensive AI image checker to scan for illegal imagery. That response genuinely has me thinking that this is by design, and they want it to be like this. We can’t even easily look at the list of registered users without looking through the DB, absolute insanity.
The other thing is there’s no real way to manage storage properly in Lemmy, the storage caches every image ever uploaded to any instance forever.
Also the software is constantly breaking.
They also say that Kbin has many of the same problems, so I’m just curious to know if the admins of bigger Lemmy & Kbin instances feel the same way about these software.
When I started working on PieFed I was all enthusiastic about the idea of moderation tools. But when it came time to actually code that functionality it was like pulling teeth. Just. Sooo. Boring. It took weeks longer than it should have, for that reason. This was really surprising to me because I’m deeply passionate about moderation and ‘gardening’ a community.
That’s the thing about open source, people just do the fun stuff. There’s always some fun stuff to do which distracts from the boring-but-necessary.
There’s people who like building this sort of code. I don’t mind it for example and I’ve already written multiple of them for the lemmy ecosystem (fedi-safety, fediseer, threativore etc), I’m just too busy with my own projects to contribute even more. If you are not having fun doing them, try to find and retain people who do.
there was a discussion about this same post before, I’ll just copy paste my comment…
That post complains about not being able to view/manage images hosted by your instance, but v0.19.4 already fixed that last week? So that kinda disproves them saying the Lemmy developers didn’t want it to be possible. Also the post complains about the amount of storage used by caching images but that was also fixed/improved in v0.19.4
I’d really love it if people stop saying “it’s by design” when they can’t point to any motivation for that design. When the quoted admin says “thinking this is by design” this is equivalent to saying “Lemmy developers prefer that there be no image moderation tools.”
Like, what. Why would they want that. They clearly don’t want that. They’re working on changing that.
It’s very hard for people to accept that there are other things that may need to be worked on before their requested fix/feature. Every big project has a huge backlog of issues/feature requests, you can’t do them all in 1 day or even 1 year. Especially with low funding lol.
Though Lemmy has funding for full-time developers.
And it’s not like other features get implemented in the meantime. Progress is really slow here, even compared to hobby projects.
Edit: Lol, thanks for downvoting.
Though Lemmy has funding for full-time developers.
barely, edited it to say low funding
I hope the plugin system will attract more contributors, especially since it supports a variety of languages
I’m not sure about the numbers but it should be like 6,600€ a month?! join-lemmy.org shows 3,656€ per month from donations, plus ~750€ a week they said in their last AMA from the NLnet fund.
I’m not sure if I’d consider that low… Sure it’s not much compared to the revenue of a commercial platform. But still, you can build something with like 2x40h weeks. (plus a community)
Maybe they already factored in the 3k from NLnet and it’s just 3.6k in total, I don’t really know. But they’re always talking about two full-time developers plus one more they’d like to pay… So that makes me think it’s probably 6.5k€. Maybe someone can fact-check it.
Funding isn’t that high, they launched a funding drive in October:
Before the Reddit migration, our income was almost exclusively made up of generous donations from the NLnet foundation. This funding was based on getting paid for implementing new features, specified in advance.
We’ve known that this funding could not last indefinitely, and that after several years of funding, NLnet’s resources are better spent getting other projects up and running. Additionally, much of our time is spent on other equally important work: reviewing changes from community contributors, fixing bugs, doing support, and various organizational tasks.
That is why we are launching our first annual funding drive. The goal is to increase monthly, recurring donations from currently €4.000 to at least €12.000. With this amount @dessalines and @nutomic can each receive a yearly salary of €50.000 which is in line with median developer salaries. It will also allow one additional developer to work fulltime on Lemmy and speed up development.
https://join-lemmy.org/news/2023-10-31_-_Join-Lemmy_Redesign_and_Funding_Drive
I couldn’t find the details of the current status of the NLnet funding at the moment, maybe if someone has that number?
The donation pages shows 3600€ for the both of them: https://join-lemmy.org/donate
AFAIK the NLnet funding is still running and there were still some milestones to claim as I last asked them in some AMA. Should be paying them an additional 3.000€ a month?!
They really should be more transparent an link that stuff and their progress.
Should be paying them an additional 3.000€ a month?!
How much do you think a full time Rust developer makes?
Kinda depends on productivity. I’d say 45k to 60k€ is alright for an average coding job in some company. I don’t know the details here. For self-employed people that varies a lot and developing Lemmy propapbly doesn’t compare to a salaried job at all.
It also is true that ideologically-motivated-coding is an actual thing.
Imagine someone hating that their propaganda gets deleted by moderators, so they make it difficult for moderators to function that way…
while they, themselves, just so a SELECT on their DB to see the images, to delete all the ones they don’t want…
Remember, it isn’t only corporations who are committed to enforcing the Enshittocene, ideologues do, too.
Those comments are proven false by the dot-4 release of Lemmy, but I’m not accusing the Lemmy devs of being the way those post-quoted comments said.
I AM stating, bluntly, that deliberate torque on the use of ANY aspect of an app, is a thing, now, and need be considered as ONE of the possibilities.
_ /\ _
Lemmy is heavier on the cpu than for example mastodon or matrix are but a lot less on the harddrive. Its insane. I use matrix the most, then lemmy, then mastodon. Still, mastodon sucks hdd like crazy, matrix as well. Only lemmy is easy on the hdd.
Of course I‘m running private instances. You can never know why public instances go bonkers. Maybe someone is abusing it for other things.
Anyway, lemmy does have some moderation tools but I agree. They need work. You have to know a lot about linux, databases and have to figure out a lot of stuff if you have problems with lemmy. Thats not okay.
But as always with foss. If you run a public instance, you should accept donations and if they dont cover the costs so you can pay someone to make a fork for you that has what you need, you might be doing something wrong.
I’ve got my Mastodon and Lemmy servers hooked up to a postgres server that’s running separately, and the CPU usage between the two is now about the same.
That actually proves that Lemmy is more efficient, because it’s handling a hell of a lot more data. I don’t follow a lot of big accounts, and I’m the only user on my server, so I rarely get more than 40 posts + metadata through Mastodon. On Lemmy, however, each post can easily produce hundreds of events to process because of comments and likes all federating out.
In total, Lemmy seems to be heavier, but only because it does more. Mastodon is super inefficient, especially with things like RAM. I think it has something to do with the framework and language it’s running on; Gitlab seems to be using the same runtime and that eats through RAM like crazy as well.
Thanks for commenting on this. It‘s cool to have more peeps share their experiences.
On the lemmy part I‘m partly with you. Lemmy itself is not the issue. It is what it does with postgres. I have multiple postgres instances, one for each service. The lemmy postgres is insane while the mastodon postgres is easy on the cpu.
This Lemmy instance is much harder to maintain due to the fact that I can’t tell what images get uploaded here, which means anyone can use this as a free image host for illegal shit, and the fact that there’s no user list that I can easily see. Moderation tools are nonexistent on here.
0.19.4 provides a way to see uploaded images (although not the best) but this version was only recently released so I can see where the frustration is coming from especially since the CSAM attacks happened nearly a year ago. At the time, I had to make a copy of pictrs, view everything on a file manager, and manually remove those images. People can still upload images without anyone seeing it however.
It also eats up storage like crazy due to the fact that it rapidly caches images from scraped URLs and the few remaining instances that we still federate with.
This was fixed in 0.19.3 (released 7 months ago) where you can disable image “caching”. This has solved storage costs for us together with pictrs’ image processing.
plug in an expensive AI image checker to scan for illegal imagery
It’s unfortunate that we need this. Not everybody has the resources to run fedisafety nor does everyone live in USA where they can use Cloudflare’s CSAM scanner. I think a good way to deal with the issue is to have images that are not public, not be stored (or have no private images at all). This way images can be easily reported.
Overall, I understand the frustration and to some degree I also feel the same but I also limit my expectations considering the nature of the project.
I’d just like to point out that most of the complaints referenced in this post are at least partially being addressed with the latest release of Lemmy, 0.19.4
From the release announcement
Image Proxying
There is a new config option called image_mode which provides a way to proxy external image links through the local instance. This prevents deanonymization attacks where an attacker uploads an image to his own server, embeds it in a Lemmy post and watches the IPs which load the image.
Instead if image_mode is set to ProxyAllImages, image urls are rewritten to be proxied through /api/v3/image_proxy. This can also improve performance and avoid overloading other websites. The setting works by rewriting links in new posts, comments and other places when they are inserted in the database. This means the setting has no effect on posts created before the setting was activated. And after disabling the setting, existing images will continue to be proxied. It should also be considered experimental.
Moderation enhancements
With the URL blocklist admins can prevent users from linking to specific sites.
Admins and mods can now view the report history and moderation history for a given post or comment.
The functionality to resolve reports automatically when a post is removed was previously broken and is now fixed. Additionally, reports for already removed items are now ignored.
The site.content_warning setting lets admins show a message to users before rendering any content. If it is active, nsfw posts can be viewed without login, after consenting.
Mods and admins can now comment in locked posts.
Mods and admins can also use external tools such as LemmyAutomod for more advanced cases.
Media
There is a new functionality for users to list all images they have previously uploaded, and delete them if desired. It also allows admins to view and delete images hosted on the local instance.
When uploading a new avatar or banner, the old one is automatically deleted.
Instance admins should also checkout lemmy-thumbnail-cleaner which can delete thumbnails for old posts, and free significant amounts of storage.
As you can see, there were many improvements to the moderation tools and image hosting UX/storage requirements. There’s obviously still room for improvement, but everything else out there has glaring issues as well. Mbin/PieFed are even less polished than Lemmy at this stage, although they are progressing quickly.
Also worth noting that most of the replies to the first post express a strong user preference for Lemmy over Sharkey.
Good riddance to burggit. Manny legitimate complaints but absolutely good riddance.
What’d they do?
I haven’t had big problems honestly. Still have less than 100GB of storage, which is like 0 dollars on object storage.
I found it very easy to start with the ansible setup and later changed to self managed docker. I even moved servers once and it worked fine.
Overall I haven’t had any issues, but I’m also a software engineer so maybe I know more than others. There are some missing features for sure, but I don’t think it’s so bad so far at least.
This is why I made Lemmy Post Purger (LPP).
What are the big mbin instances? I can’t seem to find any
mbin.social ;-)
https://mbin.fediverse.observer/list https://fedidb.org/software/mbin
we’re “spread” out on purpose to avoid becoming an unwieldy behemoth like kbin.social…
fedia.io is the largest one
fedia.io is the biggest one and the one I’m using, there’s also kbin.run and kbin.earth
also kbin.run and kbin.earth
They’re asking about mbin, not kbin, no?
@threelonmusketeers@sh.itjust.works Both of these instances use mbin, there’s pretty much no instances left on kbin except kbin.social, almost all instances migrated to mbin
@MattWalsh@sh.itjust.works @Glowstick@lemmy.world
Kbin.run runs mbin, the name is historical
Same with kbin.earth. Unfortunately, one problem with the fediverse is that everything (users, magazines, posts, comments, etc.) is tied to the instance’s domain, so it can’t really be changed at all.
Ah, thanks. Even if it is a bit confusing, it’s cool that they were able to switch out the underlying software without breaking everything. I guess it helps that mbin is a fork of kbin.
Only the storage usage has been a problem for me, but that is much easier to handle now. I do wish there was some better documentation for exactly that.
I’m not sure about the software always breaking, I haven’t had this issue. I will say though this most recent update (19.4) has me frustrated, mainly because the instructions are clear as mud (especially pictrs 0.5). Once I get it figured out I’ll have to post a real upgrade doc instead of what is currently available. I have never seen the lemmy matrix as busy as it is now with upgrade questions and puzzled admins.
I used to do a pretty frequent task to find any image in my media directory, which has atime longer ago than a week ago, which hasn’t already been crunched in some previous round, and crunch the hell out of it with either
mogrify -qualityorpngquant. All of these softwares like to keep full-quality copies of a basically infinite number of images which there’s about a 99.9% chance will never be needed again, and you can crunch them down to a tiny fraction of their original size, and they still honestly look more or less fine.How does piefed compare python/flask is far easyer to develop I really think moving away from developer with such extreme politics is a good idea.
deleted by creator
(instance admin here, but for a small one) woof well, for me, I agree, but I wouldn’t use that wording.
Lemmy for sure isn’t a plug and play site. Setting it up took leaps and bounds, learning way more about nginx than I ever really cared to, and figuring out documentation that was very clearly out of date. Very little logging or error messaging exists to help with that problem.
Very little errors exist at all, it’s very much a “happy path” project. That’s why we get constant spinners everywhere, because when an HTTP error occurs there’s no actual error message. (Come on guys, just add it to your standard HTTP messages, if statusCode < 200 || >= 300 then show a toast message).
But yeah, the moderation tools have to be the worst. Lemmy has an amazing development group that’s separate from the main developers who have patched together a good set of tools, from automods to CSAM and illegal scanning, huge props to them - but these issues are routinely ignored by the main devs. I was shocked, honestly shocked that when we were under CSAM attacks that there was not an immediate roundtable of the head devs to try to solve the problem officially. Here was a problem that 99% of countries would immediately and gladly throw us, the instance admins, in jail over and they just handwaved it away. In fact, I don’t know that there was ever an official post about it, or even that there are things coming to help with it.
I love Lemmy and being here, and the devs have done a great job at building this platform for us, but we’re at a critical point right now. It’s no longer software that is just fun side projects and building stuff that looks cool, it has some real issues now that it has a real userbase. I’m definitely one to say “But it’s FOSS, and other people can pick up and submit a PR” - but it also says something when the head devs just completely ignore a massively huge issue with it.
Bugs and caches and that sort of thing I can overlook. Those I can wait on and see them get smoothed out over time. Actual issues that could land me in jail or get the feds to beat down my door? Those I kind of expect a fast response.
So, I’ll say I’m extremely conflicted. I want to host lemmy long term, and I’m happy to bring the fediverse to a few more people, but the csam attacks really altered my view of the devs.
Edit - because my favorite manager said “Bring me solutions, not problems” a few things that would really help immediately -
- Integrate db0’s CSAM checker natively, more or less a plug and play option, or a checkbox. His checker sits at an endpoint. The admin page of lemmy could easily have you plop in the endpoint and it would start checking
- Have an image management portal, with capabilities to:
- Auto remove images after X time (to help with ballooning storage costs)
- Perma-delete images and users (maybe blurred too if the CSAM checker flagged it, so I don’t need eye bleach) (Edit again, 0.19.4 might have fixed this, I need to upgrade so I’ll see)
- Federating image purges, so one purge on one server will force purge it on everyone else’s
- ~~Disabling of caching other server’s images ~~ (Edit again, I see 0.19.4 just dropped which has this, so this is good). This way I’m only responsible for my own users.
- View images that are not related to a post (DM’d messages that I’m hosting, or people just uploading images to my site)
- Bring in a logging system into the UI itself, so I can keep tabs on the error logs. I can pipe them somewhere, but this would be a major plus as an admin
Dont forget the complete ignorance of gpdr. That shit will get you fucked over, and its not as simple to follow as it seems.
In fact, Im not 100% sure that federation works with gpdr, since you cant garantee all data will be deleted.
I’m not sure it’s that difficult to follow. If you offer a service in the EU, you are responsible for your server deleting personal data (or, even better, not even hosting it in the fist place!); you are not responsible for other people not deleting their copy of personal data.
But I’m not that well-informed in the actual legalese so my best understanding is the big issue is the EU’s definition of “provide service to the EU” more than anything else. They seem to think that just because your users might upload a local copy of a picture of someone from the EU, even if you yourself are not allowing connections from the EU, then you are serving to the EU. And with how nazi the EU has been going lately with stuff like ChatControl, the last thing I’d want as an instance owner is to be upheld to arbitrary boomers’ (lack of) understanding of technology.
well, kbin is somewhat defunct. mbin is under active development, and many of these things are on their radar. moderation tools are coming along, user list is not really an issue. they even got mfa workin!
these applications and the environments they are building are in their infancy. instance admins cannot expect a mature product, or that they wont need to get their fingers dirty to implement features they want. lemmy is at what, 0.19.4?
the image caching/filtering is good example of an ongoing concern 'verse-wide. as the lemmy devs pointed out, if this is a solid concern as an admin you would implement file scanning. if you absolutely want to use lemmy and need a user list, build it.
this shit is not turn-key
e. ive been running mbin at https://moist.catsweat.com almost a year
