maybe more privacy features, like offering an invidious link when someone posts youtube, nitter for twitter, stuff like that
this post was submitted on 12 Dec 2021
2 points (100.0% liked)
Lemmy
496 readers
3 users here now
Everything about Lemmy; bugs, gripes, praises, and advocacy.
For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.
founded 4 years ago
MODERATORS
We could add helpers in the ui, like the one we have on the create post page for using an archive link. But overall I'd like a link aggregator to remain mostly agnostic about the links being posted ( we also do remove some tracking / utm params tho ).
The other thing is there are many of these 3rd party viewers, and they go down quite often and leave dead links. We'd use it if someone made a rust or js library for it tho.
Human readable URLs! The URL is a very important part of a site's user interface, and lemmy's URLs currently just have a post number - there is no title, or even the name of the sub-community. Compare this to reddit: when I paste a friend a reddit URL in chat they get two hints about what it is about: the subreddit name, and the post's title, both embedded in the URL itself. This lets them decide if they want to click it now, or later, or never, or to recognize if they've already seen it. Lemmy links should be like that.
The ability to tag posts (what are called "flairs" on reddit)
Is it possible to unblock user, whom I accidentally blocked? Seems not to work
saving posts
Click more options, then the star.
I just would want the option to view pages as lightweight, static html with low or no JavaScript, even if it means pages are not interactable.
I also think it would be nice if there were additional themes, and that the things fundamentally rethought how much white space was put all over the place. There's so much potential with the things, but I genuinely just don't think they are reaching their potential right now.
Lemmy UI works with javascript disabled, but you can only read things, everything else doesn't work.
It would be nice if the RSS feeds were advertised. For example if I browse https://lemmy.ml/c/lemmy I wouldn't know there was an RSS feed until I find and click the little RSS icon.
If a <link> to the RSS feed was provided my browser extension would light up and I can subscript just by putting the community URL into my reader instead of having to spot the RSS button on the page.
The RSS feed is advertised, on that button. There is an <a href to that RSS feed also, so I'm not sure why your browser extension wouldn't pick it up.
I'm talking about RSS auto-discovery via <link> tags. In the head of the page there should be a link take like <link rel=alternate type="application/atom+xml" href="https://lemmy.ml/feeds/c/lemmy.xml?sort=Hot">. This way browsers, extensions, search engines and feed readers can discovery the link automatically without the user needing to identify the feed link on each site.
Ah cool. Should be easy enough to add, open up an issue on lemmy-ui with this info.
I'd like to block/hide certain communities from the "all" view. That way I can browse posts that I'm not subscribed to, but skip stuff I know I'll never care about.
We added this a few months ago. Go to your profile settings, and the blocks tab.
It would be nice if there was a button on the community profile to make this easier to discover and use.
There is one on all community pages.
I would be happy to see client-side password hashing implemented.
I understand that responsibility of using unique passwords falls on the user, and maybe a truly malicious instance would be able to remove the hashing (although I think that it would be possible to check if non-hashed passwords leave the client). However, the reality is that many people still re-use their password for many websites and do not use 2FA when not required. Password hashing would reduce the level of trust required of the instance makers.
On a similar vein, it would be nice to anonymize the ip addresses that are printed to the docker logs if possible, similar to the nginx logs. I think that this would be easier to undo for a malicious instance, but at least they would need to have a bit more technical knowledge to get to this information.
The back-end already does password hashing using bcrypt.
This protects the database from a breach, but someone can set up an instance and collect the passwords from the logs:
As far as I can tell with my very limited experience, back-end encryption is the standard. One trusts the host not to steal their passwords from the logs, so protecting the data in the case of a breach is good enough. I think that it would make sense for the standard in the Fediverse to be different. Passwords should be encrypted by the client by default, and then re-hashed back-end.
It is also possible that what I am saying does not make sense in practical grounds - this is just something that surprised me while looking through the logs. I was under the wrong impression that plain text passwords were never accessible before looking into this topic.
We've recently removed that logging line, which logged all websocket requests. But yes most importantly, the database stores no plaintext passwords.
You don't want to client side hash passwords before sending, because different clients might not do it the same way. But also we have to add oauth at some point, so 3rd party clients don't even have to know your pass. This is less important with open source apps imo, which are the only ones we're gonna link to anyway, but it'd be nice to have.
That's very nice. Thank you for your hard work! I am curious about oauth. I did not know that 3 rd party clients needed to know the password, I will look into that!
REPOST!!!!!!!!11
- How can we make the federated Lemmy more seamless? The in message community mentioning syntax, for instance, could use refinement
- How can we support different languages better?
- Is it possible to avoid the space for radicles that comes with federated platforms while still maintaining the values that a federation stands for?
- Working out minor quirks that lower trust, like the 502 page when logging out, randomly being logged out until you reload, no css occasionally, and the free .ml [[domain]] for the flagship instance
Than, how can we attract users, specifically from different countries?
The first thing that comes to mind before advertising is attracting other communities from Reddit, but why would they come? Voat attracted members because the alt right was unwelcome on reddit, but most communities dont find a huge need to switch, even if they feel things could be better. The one exception is the privacy/Foss community, but it's a small one and perhaps not the best Target audience, let alone one of many nationalities.
If the above paragraph was somehow an attraction plan despite no internationality, some more issues would need to be ironed out:
- can we offer reddit import?
- can we make a compelling offer for everyone
- can we have an attractive landing page
In line with 3, I think at some point some branding consideration is needed, ie
Lemmy: a world for everyone
With an illustration of stuff being shipped between different planets, one covered in flowers, another in factories and tech, and one more with ???
As an idea.
I am interested in your strategy ideas for growth. While I am rambling, worth noting that a democracy system is my long term dream, although far off in the pipeline
About radicals and that stuff. Block them, they sure will create their own instances, ignore them. Federation is censorship resistant. So just ignore them, if you maintain an instance you can prohibit them if u want.
An option to block someone from commenting in your community to avoid trolling.
Entrance only if followed or based on specific levels...
- Needs x amount of months membership on Lemmy to comment.
- Needs x amount of comments or and post submissions.
This would also help fighting spam and trolls with alt-accounts to create an account, troll-up here, down-vote everything + shit-post. Since you could restrict voting as well with the idea.
We recently added private communities, and might eventually add some new user limitations... but I'm very wary of reputation or gamified based systems, or one that isn't welcoming for new users. It'll need lots of discussion before we add anything like that.
- OTP-based 2FA
- Choose pronoun (which could be based on https://pronoun.is project)
For the second one, why don't just make a profile description? It gives you way more space to talk about you.
PD: We REALLY need otp2f2
The pronouns appear whenever you write a post or a comment next to your name in HexBear.
That is the way I like.
Ahhh, Yep it makes sense. I also think that adding a profile description will be cool too