I just wished the Lemmy API docs were better lol.
Cr4yfish
0 Post – 34 Comments
Joined 1 years ago
Developer fighting 502s from Lemmys Servers.
takes notes for my own App 👀
Well it's open source, so whenever there's demand someone will fork and maintain it, if the original team ever leaves.
This should be the community icon.
I always wonder when people say something like this. I also develop a Lemmy app myself and don't understand this point, like are you afraid people will complain about your code cleanliness or commenting techniques?
I mean what extra work is there really? Moving secrets to environment variables is annoying, I get that at least.
I mean no offense to you at all, really, but when I check out other Lemmy apps I don't even bother with closed source ones since I can't possibly know if you just steal login information. Especially since this is so immensely easy with Lemmy.
Again, I'm not saying you do these things but it's always better being able to check yourself, you know?
Very good point! I think @TheButtonJustSpins@infosec.pub has a good idea on how to circumvent that.
I could make my own database with hashed passwords using postgreqsl and RLS, which is pretty secure. The User then decrypts the hashed passwords once on login and is simultaneously logged into multiple instances of Lemmy to get the JWT of each instance, which is then stored in SessionStorage or even in a Cookie if the User wants to which would make this a one-time process.
On signup the User could just register to one instance and then I just generate random 32 Character passwords and hash them with the Users' password, then get the JWTs and if cookies are enabled the that would only have to be done every year or so (or when the User deletes the Cookies).
This whole process is seems pretty easy, especially if you've done something like this before and I'm betting some other App Dev is already taking notes lmao.
Edit: Let's also do a thought experiment on what data will be leaked if I did this 1:1 and the database gets somehow hacked:
For each User:
- Username (=> Gives away that you use Nemmy)
- Hashed Passwords (=> Hashed passwords cannot be read if you don't have the original Users' password until we have access to quantum computers which can literally crack the encryption algorithm)
You could make like a circular shape on the screen with numbers correlating to the speed on different angles. Then maybe add some rectangle which points at the current speed and effectively changes the angle when the speed changes.
Oh wait..
I'm actually trying to solve this issue on my own Lemmy app. It automatically switches instances when the requested one is down. Works only in the Feed right now and, of course, accounts are still instance-bound - but I will fix that soon.
There actually were a number of French nazis in France during German occupation. It's a topic often disregarded by the countries itself. E.g The Polish government tries to sweep that under the carpet.
I mean there even were Nazis in the US.
You can actually fast travel directly to cities, even when you're in a different system.
That's probably the cbat dude after his gf left him.
No. The ads from brave itself are only on new tabs and notifications.
I'll put this on the roadmap of my App if you don't mind
I'd think it would feel bad having to lie about the music you listen to. Maybe music man is already past denial and in acceptance, just not telling anyone.
But perhaps they're just a douche.
Is this a bot?
Wow that's really interesting.
Thanks for letting me know, I'm still new to Lemmy :).
I would also like to add that there are PWAs (Progressive Web Apps).
PWAs can be installed on most devices and share even more similarities with native apps (Native app = usually installed through app store). For example installed PWAs can be viewed in Fullscreen or work offline, even though they are still technically a webpage.
So the advantage here is that you don't need to use an App Store to have an app installed on your phone.
And the main disadvantage is that the PWA can't access most of the device's APIs, that you could access through a native app. This means worse performance usually, no support for theming beyond dark/light (like Material You), no good access to on-device databases etc. This is also the reason why most apps aren't PWAs.
Off-topic question, but where can you see the stats?
Nice. Is there a GitHub link anywhere? I'd like to use that in my App. I was looking to implement trending communities literally the other day lol.
Which App are you using?
I just cross fingers that the next election won’t be a disaster for us
If the current trend continues I see bad things on the horizon. If the AfD ever becomes part of a coalition then I'll move to the Netherlands. They can't get their shit together as well but at least I don't care about their politics :(.
The people over there are strangely attracted to the propaganda
It's due to the schools in the DDR. Kids growing up there didn't learn a lot about Nazis and also didn't have access to lots of media to teach themselves. Besides they had other problems to deal with.
Then Germany got reunited and one half of the country was completely uneducated about Nazi Germany.
Not to forget most Teachers and professors were still Nazis due to the lack of denazification.
Yes, this. No point in using a VPN/Tor if you disconnect even just for 1 second. That's all they need.
If you log in to any App for Lemmy, they also have access to your Email.
Yes, from what I've seen there are a some people who are concerned about others impersonating them on other instances.
Yeah, it's a web app. I route all requests through my own backend, so it's server-server communication between Nemmy and any Lemmy instance, circumventing CORS by design.
Are you sure the CORS settings are messed up? I tried reaching the API a couple of times from my frontend for debugging and got errors due to authentication security. Are you referring to that or something else?
Ah, yes the classic. The Lemmy dev team really forgot to set CORS headers on an API lmao. Hope they fix that soon.
Nice.
Ah, sorry if I'm being unclear.
I was thinking of combining the user's original password with a random 32 Character string and hash that combination. So basically salting the User's password with random strings. That should work out to multiple passwords I can use.
Thinking of it bcrypt does exactly this, so just running bcrypt a couple of times should be sufficient, no?
Security wise if there was a breach, an attacker would still only have a couple of hashes, none of which are the original password and they can't dictionary attack due to bcrypt.
Also, if an instance was hacked, the worst case would be that the attacker gains access to the hash (if the instance stored passwords in plain text and didn't also hash them themselves).
I'm really tired right now so maybe none if this makes any sense, but I think it does lol.
Good idea! I'll incorporate something like this in my own Lemmy App.
I'm making an App for Lemmy and I'm planning on adding that feature. I also want to make it so you only have to register once and the App can register you to all the instances you choose automatically.
Edit: The Webapp is Nemmy, also the Community !nemmy@lemmy.world
Edit2: Please note that Nemmy is early Alpha, so not really useable as a daily driver yet.
Edit3: Changed Community link to proper format