Hi,
this was unfortunately an error on our end.
Please bear with us while we work on resolving this situation.
MrKaplan
0 Post – 43 Comments
Joined 8 months ago
it's mostly !asklemmy@lemmy.ml, !asklemmy@lemmy.world, !opensource@lemmy.ml, and !selfhosted@lemmy.world, though some of the latest spam also started arriving in !warframe@dormi.zone.
the bot has been marked as bot since the very beginning and is also clearly marked as bot in the screenshot, so your comment does not apply here.
Us not upgrading has nothing to do with making a point.
We're aiming to run a stable instance, which can come at the cost of delayed updates.
We didn't update to 0.19.4, and a few weeks later 0.19.5 was released with a number of critical bugfixes.
0.19.6 will have several more fixes for issues introduced in 0.19.4+, such as a fix for remote moderators updating local communities, allowing admins to filter modlog entries by moderator, as well as some performance issues reported by other instances.
We usually wait for other instances to run the latest version for some time to allow bug reports to surface before we update ourselves.
this is a separate issue unrelated to the 0.19 update.
we were only counting users active in the last 6 months (based on lemmys active user stats) for this calculation. with the update to lemmy 0.19 back in march 2FA for all existing users was reset, so all users that had 2fa set up before and never reactivated it wouldn't count towards this, nor would users that weren't active at all since then.
@PugJesus@lemmy.world, you might have been posting only for LW users for a while :-/
this is unfortunately correct for the time being.
while we still have aggressive rate limits in place to limit federation impact from kbin bugs, which started with the measures that @sunaurus@lemm.ee mentioned, this wouldn't impact activities coming from lemmy.world towards kbin.social.
while kbin.social used to break down every now and then based on what i saw people comment, service was typically restored within a short period of time. more recently however, any time i've looked at kbin.social in the past couple weeks, it's only been showing an error page. i suspect it may have been unavailable the entire time, not just at the times i looked at it. looking at our federation stats, the last successfully sent activity from lemmy.world to kbin.social was dated 2024-06-18 00:12:25 UTC, although the actual send date may have been later. successful is also not necessarily guaranteed, as some error codes might be misinterpreted as success due to how servers can be set up and how response status codes are interpreted on the sending side.
if activities sent from lemmy.world don't reach kbin.social then the posts and comments won't be relayed to other instances. this is generally an issue in activitypub when instances are down, as such "orphaned" (at the time) communities effectively become local-only communities, isolated islands on all instances that already know about them.
at this point, the last time we've received an activity submission (federation traffic) from kbin.social as on 18th of June, so it seems like it was working for some time on that day and has been broken since.
at the start of this month, @ernest@kbin.social (kbin.social owner, main kbin dev) said that he was going to hand over management of kbin.social to someone else, as he's currently unable to take care of it. presumably this hasn't happened yet.
Lemmy.World is legally primarily bound by the countries listed here.
If we get a request, of course we will evaluate that request.
When it comes to taking down content, such as copyright infringing content, we may err on the side of caution to reduce the legal risk we're exposing ourselves to.
When it comes to handing over data that is not already publicly accessible, such as (not-really-)private messages or IP addresses of users, we will not "err on the side of caution" and hand out data to everyone, but we must follow the laws that we're operating under. See also https://legal.lemmy.world/privacy-policy/#4-when-and-with-whom-do-we-share-your-personal-information.
they appear to be advertising their "criminal organization", listing some of the illegal activities they do and where to find them.
no, the join was bad
This was unfortunately an error on our end.
Please bear with us while we work on resolving this situation.
this was not a Lemmy bug.
If you're referring to the post Ex Redditors of Lemmy what made you come on over? What happened at Reddit that you made the switch?, their account was banned for trolling and all content associated with the account was removed.
::: spoiler Some examples of their post titles, that likely contributed to their ban
- African Americans (I hope that PC) have you ever gotten the N word tossed at you and how did you react or feel?
- How come in most games including the community of gaming I can't mention the word Nazi for have a civil conversation? :::
They also had a number of other posts that seemed to be doing just fine, so it might be falling in the "stupid kid" category.
The post has since been restored by a community moderator, although the user's account on lemmy.ml is still banned: https://lemmy.world/post/17593614
correct.
we don't have an eta currently. we're still keeping an eye on issues reported by other instances.
which features are you looking for?
2FA has been restored for all LW users that had it enabled before and didn't reactivate it on their own since.
There will be an announcement posted later on explaining what happened.
edit: announcement is out: https://lemmy.world/post/18503967
it's not just this community getting hit.
it's mostly !asklemmy@lemmy.ml, !asklemmy@lemmy.world, !opensource@lemmy.ml and !selfhosted@lemmy.world, though some of the latest spam also started arriving in !warframe@dormi.zone
Most of these are unfortunately limited to local instance moderation, which means all instances that don't run these bots don't benefit from them.
The posts have already been modified in ways that they aren't as easy to reliably filter anymore, though still possible with fairly low false positive rate.
To add to this, depending on how content is removed, removal may or may not federate properly. on Lemmy.World, we've been removing content in a way that reliably federates, so while a lot of this spam does arrive in !asklemmy@lemmy.world and !selfhosted@lemmy.world, the removals on Lemmy.World should federate to all other instances (0.18.5+).
The other portion of the spam is mostly on Lemmy.ml, in !asklemmy@lemmy.ml and !opensource@lemmy.ml, and not all of their removals have been done in a way that federates.
It's not automatic, admins have the option to ban with or without content removal.
Different instances deal with this differently and admins are also humans that sometimes make mistakes. Especially during holiday season there are frequently trolls running around with racist, transphobic or other offensive content. Sometimes they're more obvious, sometimes they try to fly under the radar a bit by being less direct. In the end you're at the mercy of the instance admins of the instance you signed up with and many instances will provide contact information to appeal bans.
Since this account was not a Lemmy.World account it's not up to us to decide whether or not the user should be banned and whether their content should be removed.
you may have been thinking of https://poliverso.org/objects/0477a01e-1166-c773-5a67-70e129601762, which was neither lemmy devs, mastodon devs nor lemmy.world admins
It depends on who you're trying to message.
Devs: https://join-lemmy.org/contact
Admins of Lemmy.World: see the post that @Deestan@lemmy.world linked already
Admins of piefed.social: https://piefed.social/about
Community moderators: check the community sidebar, it will show the moderator list
Your Lemmy.World account has been unbanned a couple days ago btw.
The execution should have been better, but the decision itself was a team decision, not an individual admin decision without talking to the rest of the team.
FAILED
for a magazine to show up on lemmy, a logged-in user needs to visit it first. afterwards, to ensure that new content is published to lemmy instances, someone from that instance needs to subscribe to the magazine. this needs to happen on every instance as far as i know. this is one of the reasons services like https://lemmy-federate.com/ or https://browse.feddit.de/ exist.
feel free to reach out to me directly via matrix at @mrkaplan:lemmy.world if you want
edit: fyi, mentions of @lwadmin@lemmy.world will usually not be seen.
we've switched from using multiple federation sending containers (which are supposed to split receiving instances across workers) to just using a single one.
I'm a member of the Lemmy.World admin team.
Also, anyone can look at the moderation log at https://lemmy.world/modlog
2FA has been restored for all LW users that had it enabled before and didn't reactivate it on their own since.
There will be an announcement posted later on explaining what happened.
edit: announcement is out: https://lemmy.world/post/18503967
image proxying is currently not usable for us anyway, see e.g. https://github.com/LemmyNet/lemmy/pull/4874
it is indeed mostly like related activities we're seeing
except it doesn't work well for the rest of lemmy/the fediverse.
many other instances seem to be getting hit by this, but they don't have as many activities generated locally for this to become much of a problem. additionally, this is mostly affecting instances with high latency to the instance that is being flooded by kbin, as lemmy currently has an issue where activity throughput between instances with high latency can't keep up with too many activities being sent. the impact of this is can be a bit less on smaller instances with smaller communities often not having as many subscribers on remote instances, although we've seen problems reported by some other admins as well. this includes e.g. kbin.earth, which i suspect to have been hit by responses from a lemmy instance, while the lemmy instance was actually only answering the requests sent from that kbin instance.
during the last peak, when we decided to pull the plug for now, kbin.social was sending us more than 20 activities per second for 7 hours straight. lemmy.world can easily handle this amount of activities, but the problem arises when this impacts our federation towards other (lemmy) instances, as e.g. votes will get relayed by the community (magazine) instance, which means, depending on the type of activity being sent, we might have to be sending out the same 20 requests per second to up to 4,000+ other fediverse instances that are subscribed/following the community this is happening in. trying to send 20 requests per second, which lemmy does not do in parallel, requires us to use at most 50ms per activity total sending time to avoid creating lag. when the instance is in australia, with 200ms+ latency, this is simply not possible.
looking at the activity generation rates of some popular lemmy instances, anything that is significantly above lemmy.world is likely not just sending legitimate activities.
ps: if you're wondering how i'm seeing this post, you can search for a post url and comment urls on lemmy to make lemmy fetch them, even if they haven't been directly submitted through normal federation processes. this requires a logged in user on lemmy's end.
as I'm very tired right now, I only want to comment on one of the arguments/questions you brought up.
you're asking for the difference between taking down content and providing information about users.
its very simple actually. sharing non-public data is a very different story than removing access to otherwise public information, whether it's originally coming from Lemmy.World or elsewhere.
when we take down content, even if it's more than legally strictly necessary, the harm of such a takedown is at most someone no longer being able to consume other content or interact with a community. there is no irreversible harm done to anyone. if we decided to reinstate the community, then everyone would still be able to do the same thing they were able to do in the beginning. the only thing people may be missing out on would be some time and convenience.
if we were asked to provide information, such as your example of a Texas AG, this would neither be reversible nor have low impact on people's lives. in my opinion, these two cases., despite both having a legal context, couldn't be much further from each other.
the bot has been marked as bot since the very beginning and is also clearly marked as bot in the screenshot as @blackn1ght@feddit.uk already mentioned.
i also just checked on db0 in case there was some federation issue that would have the account not be marked as bot over there and it's also clearly marked as bot when viewed on db0.
The ToS had no rules on misinformation at the time.
it still had rules about animal abuse, which this misinformation, had it actually been misinformation, would have lead to. while the removal reason could have been more clear, the justification was still covered by our ToS.
new rules created to back their talking points
the additional rules provided more clarification on what we intend to achieve with them, but they would not be required. based on what we know today the removal was neither justified by the original ToS nor by the updated ones.
The animal abuse alleged at the time was that there was supposedly no healthy vegan cat food.
While the section of the rules was the same (violent content), animal abuse was a separate sentence, not the one about visual depictions:
No visual content depicting executions, murder, suicide, dismemberment, visible innards, excessive gore, or charred bodies. No content depicting, promoting or enabling animal abuse. No erotic or otherwise suggestive media or text content featuring depictions of rape, sexual assault, or non-consensual violence. All other violent content should be tagged NSFW.
This is the exact same paragraph we have today and we had before these changes.
If there was no healthy vegan cat food then this would be considered content enabling animal abuse.
I never said that it only requires harm down the road.
Cutting body parts off or even just cutting them without good medical reason (e.g. risk of death without amputation) is of course also animal abuse.
For hiding pain, you're attacking a strawman, because I already addressed that in my previous comment.
we do not consider feeding a cat vegan food as animal abuse, provided there are no health issues arising from this.
most of the research i've looked at seems to point out that there are various pitfalls, e.g. just feeding a cat vegetables will result in malnutrition. having synthetic additives for this can be one way to address that problem. just because something is sold as vegan cat food that doesn't necessarily imply that it's healthy for the cat, as some of the articles were pointing out that some of the cheaper ones were lacking the right ingredients.
as an example, "my cat now only gets potatoes and apples and nothing else" would be considered animal abuse.
additionally, if moderators were to remove arguments pointing out the risks of e.g. missing nutrients in a civil discussion and leaving the other side that just argues "vegan cat food works" without any arguments as is then we would also consider this animal abuse.
in this specific incident the conversation was certainly not civil, which is unfortunate, as this situation would likely have gone a very different way if it was.
fwiw, it does not appear to be triggerable from within lemmy at this time.
I've just tried this on another instance and lemmy complains
The webfinger object did not contain any link to an activitypub item
I suspect this currently can only be triggered from threads.
maybe I misunderstood your comment, I read your Texas AG example as asking for information about users. did you mean Texas AG asking for the removal of comments where people are stating they're trans?
so far this has been a single case with kbin.earth and lots and lots of cases with kbin.social.
no other instances have been observed behaving like this yet.