In the last weeks Lemmy has seen a lot of growth, with thousands of new users. To welcome them we are holding this AMA to answer questions from the community. You can ask about the beginnings of Lemmy, how we see the future of Lemmy, our long-term goals, what makes Lemmy different from Reddit, about internet and social media in general, as well as personal questions.
We’d also like to hear your overall feedback on Lemmy: What are its greatest strengths and weaknesses? How would you improve it? What’s something you wish it had? What can our community do to ensure that we keep pulling users away from US tech companies, and into the fediverse?
Lemmy and Reddit may look similar at first glance, but there is a major difference. While Reddit is a corporation with thousands of employees and billionaire investors, Lemmy is nothing but an open source project run by volunteers. It was started in 2019 by @dessalines and @nutomic, turning into a fulltime job since 2020. For our income we are dependent on your donations, so please contribute if you can. We’d like to be able to add more full-time contributors to our co-op.
We will start answering questions from tomorrow (Wednesday). Besides @dessalines and @nutomic, other Lemmy contributors may also chime in to answer questions:
Here are our previous AMAs for those interested.
Do you plan to introduce some kind of post tags into Lemmy, preferably something that will behave like Hashtags on Mastodon and other activitypub platforms? I know that Lemmy has been embedding community name as a hashtag for a while now, though having tags that can be populated by users would help discovery greatly.
When will users be able to frictionlessly migrate between instances without losing their posts, their comments, their history, their relationships, their reputation etc? (Without requiring the consent of the exiting instance owner, or that this server still even exists, as they sometimes don’t)
How would you improve it?
a way to filter out posts that have no engagement or comments from others would be helpful since the larger instances flood my feed w hundreds/thousands of news links that flood out the discourse on lemmy.
- I have no idea how and which server I joined, is there any manial I can read better yet visually see how servers are connected that are federated? Thx. And when we search something does it search across all servers? Thanks.
When will anyone be able to click the following /c/books And see an agglomeration of all “books” communities on all federated server? I don’t mean multireddits Thanks!!
What’s something you wish it had? What can our community do to ensure that we keep pulling users away from US tech companies, and into the fediverse?
One of the biggest issue at this point is probably the registration experience. There are quite a few occurrences on !fedibridge@lemmy.dbzer0.com of users not sure whether their email has been validated or not, and at the moment they really need to look out for the toastify notification on their first try, later attempts won’t show it.
Most recent example: https://lemmy.ml/post/27607055?scrollToComments=true
If there could be a way to inform a user saying “your email address has been validated, please wait for an administrator to activate your account, you can reach out to them at xxx”, that would be great.
This generally goes against security best practices as it can be used for attempted user enumeration. A better version would be “we’ll send you an email with your account status if this user exists” but obviously that results in a fair amount more complexity (and cost) to implement
Enumerating users is not a security problem. It’s platform obscurantism to even suggest that it is.
I think I’ll trust owasp and my own over 20 years of experience building commercial software but you do you
That just opens the door for bots that can never be closed
I am not suggesting users being able to enumerate other users, just that the unique link that is currently used for email verification would be more explicit than just the one time toastify notification
the password/cookie should still work even when awaiting validation, password is set before the email is sent
Youre right, I also noticed some other problems while testing registrations:
- https://github.com/LemmyNet/lemmy/issues/5547
- https://github.com/LemmyNet/lemmy/issues/5548#issue-2949361836
For the email validation it could also make sense to send out another email saying “your email has been validated”, so its not only shown on the website.
Thanks!
I’d need more detail here. If registration emails aren’t being sent out correctly, we need to handle that.
These two posts should provide more details
How are you?
A bit tired because my whole family is half sick. Luckily the kids are still okay to go to school.
Otherwise Im excited for this AMA, because I rarely have such direct conversations with users about Lemmy. The discussions on Github are usually quite technical.
Not bad, the swiss chard and spinach I planted recently are sprouting, so that’s got me excited.
Spinach is a finicky bastard in my experience, take good care of it
Chilling in the morning before I start my day job.
Old user, haven’t been active recently. Where’d all this growth come from?? Another reddit refugee situation?
!reddit@lemmy.world started to ban people based on upvotes
!buyeuropean@feddit.uk movement has motivated people to look around for European alternatives to Reddit
Blaze means the website Reddit, not the community they linked
Oh indeed, giving the community can help people read more about it.
Thought you meant pre-2023 by old user
+1 on registration experience being the #1 issue.
Would also be cool if we could stop 404/500ing deleted posts and instead display some indication it has been deleted. See https://en.m.wikipedia.org/wiki/Principle_of_least_astonishment.
Thanks for Lemmy! 💙
No questions right now. Just wanted to say thank you for your hard work.
I know y’all catch a lot of shit and get hammered with requests/demands, so I wanted to let you know that your work is greatly appreciated.
Thanks for dedicating your time and energy to making a non-corporate, federated social environment possible.
Being on Lemmy has been a breath of fresh air.
What have been the biggest challenges with the project over the years, both in terms of technical and non technical aspects. I’d be interesting to hear a bit of retrospective on how has the stack’s been working out, and what surprises you might’ve run into in terms of scaling and federation. What recommendations you’d make based on that and what you would’ve done differently knowing what you know now.
The stack is great, I wouldnt want to change anything. Postgres is very mature and performant, with a high focus on correctness. It can sometimes be difficult to optimize queries, but there are wizards like @dullbananas@lemmy.ca who know how to do that. Anyway there is no better alternative that I know of. Rust is also great, just like Postgres it is very performant and has a focus on correctness. Unlike most programming languages it is almost impossible to get any runtime crashes, which is very valuable for a webservice.
The high performance means that less hardware is required to host a given number of users, compared to something like NodeJS or PHP. For example when kbin.social was popular, I remember it had to run on multiple beefy servers. Meanwhile lemmy.ml is still running on a single dedicated server, with much more active users. Or Mastodon having to handle incoming federation activities in background tasks which makes the code more complicated, while Lemmy can process them directly in the HTTP handler.
Nevertheless, scaling for more users always has its surprises. I remember very early in development, Lemmy wasnt able to handle more than a dozen requests per second. Turns out we only used a single database connection instead of a connection pool, so each db query was running after that last one was finished, which of course is very slow. It seems obvious in retrospect, but you never notice this problem until there are a dozen or so users active at the same time.
With the Reddit migration two years ago a lot of performance problems came up, as active users on Lemmy suddenly grew around 70 times. You can see some of that in the 0.18.x release announcements. One part of the solution was to add missing database indexes. Another was to remove websocket support, which was keeping a connection open for each user. That works fine with 100 users, but completely breaks down with 1000 or more.
After all there is nothing I would do different really. It would have been good to know about these scaling problems earlier, but thats impossible. In fact for my project Ibis (federated wiki) Im using the exact same architecture as Lemmy.
It’s great to hear things mostly worked out. Stuff like scaling bottlenecks is definitely tricky to catch until you have serious loads on the system, but sounds like the fixes very mostly trivial validating overall design. It also looks like you managed to get a way with a fairly simple stack by leveraging Postgres and Rust. I’ve had really good experience with using pg myself, and really don’t see a point in using anything else now. You can use it both as a relation db and a document store, so it’s extremely flexible on top of being highly performant. Keeping the stack simple tends to be underappreciated, and projects often just keep adding moving pieces which end up adding a lot of overhead and complexity in the end.
2nding @nutomic, that I’m really happy with the stack.
The one that seems really magical to me, is diesel. With it we get a compile-time-checked database, that’s tightly integrated to the rust objects / code.
Every single join, select, insert, etc is checked before lemmy is even run, and it eliminates a whole category of errors resulting from mismaps.
Its made adding columns, and changing our data structures so much less error-prone than when I lived in the java-world.
Whenever we find that we’d want to do things differently, we usually do a refactor ASAP so as not to keep rolling spaghetti code. We’ve had to do this many times for the federation and DB code, and even have 2 major refactors that also add features ongoing. But luckily we’ve been able to stay in the rust eco-system for that.
As for UI, leptos didn’t exist when I built lemmy-ui, so I went with a fast react-like alternative, inferno. Its showing its age now, so @sleepless1917 is working on lemmy-ui-leptos, which hopefully will supercede lemmy-ui.
I briefly worked with Hasura which does this sort of magic to produce GraphQL API on top of Postgres. Incidentally, also written in Rust. I do like Leptos approach, it sounds similar to HTMX approach where you just treat the DOM as a dumb terminal.
The stack is overall amazing, but not perfect. Waiting for the Rust code to compile is sometimes very annoying, but I wouldn’t want to use a different language. And we had to implement somewhat complicated things that existing Rust libraries did not do. For example, I made the “i_love_jesus” library so Lemmy could have cursor pagination that uses indexes well and allows bringing back the “back” button, we have a few custom QueryFragment impls because of diesel’s limitations, and we have a custom migration runner to do fancy stuff (see crates/db_schema/src/schema_setup.rs).
Being a Lisper, the idea of waiting for the compiler is very jarring. :)
Oh, to be able to develop Lemmy with something like SLIME or Geiser, now that would be a dream. Too bad the CL’s library ecosystem is so much worse than Rust’s.
Clojure has a lot better story in that regard living on the JVM, but the overhead of using the JVM is a downside of its own. It’s a good platform, but definitely not what you’d call lightweight.
Yeah, if I was building something production ready in Lisp, Clojure would be my choice even though I prefer CL. Ecosystem is ultimately king.
For sure, having mature and battle tested libraries is really hard to beat.
I made the “i_love_jesus” library so Lemmy
Could I ask if there’s any meaning behind that name?
Nothing related to the library. I love Jesus. I’m Catholic and a little silly. Also my GitHub profile picture is Jesus.
I don’t know what I expected lol. Cheers.
Edit: I don’t mean this disrespectfully, it was just a very direct and obvious answer.
I think the greatest strength is that it is so compatible with other Threadyverse software like PieFed and Mbin. This brings a lot of freedom to the users.
the apps! the app support is really great for Lemmy
Absolutely agree on this point. My first app didn’t fulfill my requirements, so I just tested another one being able to configure it how I like.
Yes this is a major benefit of an open network. Lemmy is a very large project already, so it takes a lot of effort to implement new features, because they have to meet high standards for quality and performance and also work together with all the existing features. A project like Piefed is much smaller and can implement new features more quickly. This allows for more experimentation, and successful features can later be added to Lemmy.
Also users who are not happy with Lemmy for any reason can switch to a different platform while still interacting with those on Lemmy. So if Piefed and Mbin grow that is also a benefit for Lemmy.
Yes I’m very excited about the growth of other fediverse software, and a lot of the cool new features they’re adding. Its a great eco-system where we can experiment, be creative, and learn from each other.
- From a code architecture perspective, how close is Lemmy/ActivityPub to reaching its maximum capacity for posts/comments per second? Are there any ways to 10x the load ActivityPub can handle?
- With Nicole in everyone’s DMs, what does the future of spam filtering look like on Lemmy?
- There is no specific maximum capacity, in theory it can scale indefinitely with horizontal scaling. Also see my reply here regarding scaling.
- 0.19.10 already includes a fix to remove private messages when a user gets banned which should help a lot. There is an issue about disabling private messages by default, but Im not sure if that will be necessary. Also 1.0 will include a plugin system, so other devs and instance admins can write their own checks. That way spam waves can be fought in a more flexible way, without having to get a change merged into Lemmy and then waiting for a new release.
I can answer the first point.
We’ve already tackled part of that problem with the Parallel Sending feature that can be enabled on instances with a tremendous amount of traffic. Currently the only instance that makes sense to enable that is LemmyWorld and the only reason is so servers in geographical far away can get more than 3-4 activities/second.With that feature, servers that eventually house and generate the biggest amounts of traffic will be able to successfully communicate all of those activities to everyone else who needs them.
I predict a 10x increase is well in our grasp of easily accessible by all of our current systems. 1000x? That’s a different story which I don’t have the answers too.
Currently the only instance that makes sense to enable that is LemmyWorld and the only reason is so servers in geographical far away can get more than 3-4 activities/second.
For the context, it’s still not enabled at this moment: https://lemm.ee/post/59055817
What are your thoughts on blocking AI scraper access? Any attempts to improve that on the side of Lemmy? Basic things like allowing to customize the robots.txt easily would already help.
I also recently tried this new AI block tool called Anubis with Lemmy, but for some reason it fails with Lemmy-ui. Might be interesting to investigate further.
Anyone that wants to scrape Lemmy would have an easier time setting up their own server, federating with everyone, and reading straight from their DB. No web scraping required. Though, web scraping defenses would be useful against general web scrapers/crawlers.
That would require the authors of these AI scrapers to actually give a f*ck. The problem is that they don’t, and just scrape what ever they can find repeatatly almost like a ddos attack on the open web.
Yup, same as they could clone git repos in one shot, but they instead crawl every single page.
You can load a different robots.txt in your nginx config, something like this:
location /robotx.txt { index /path/to/my/robots.txt; }Additionally 1.0 will change the “private instance” to work with federation enabled (see https://github.com/LemmyNet/lemmy/pull/5530). Then only logged-in users will see content, while AI scrapers wont see anything except the login page.
I just set up Anubis today. Specifically I’m only testing it for Lemmy-ui, and it seems to work fine.
It looks like the distributed waves that keep bringing the service down hit exclusively our lemmy-ui subdomain, so maybe non-SSR photon is also a good defense, heh.
Hmm, that is odd. I guess I need to double check my Nginx config for lemmy-ui then. You have your setup documented somewhere?
Edit: ah, you run Photon as the main UI and lemmy-ui somewhere else? I think specifically the split between frontend and backend on the root domain somehow makes Anubis fail to set the correct cookie.
I don’t think it should be a problem, but I’m not that sure either. Lemmy.fedi.zutto.fi also runs it and that’s just a normal lemmy-ui installation. I think Zutto simply forwarded all traffic to Anubis and then fixed federation. There was some discussion and config shared in sopuli’s finnish matrix room.
I’ve previously worked in anti-scraping. There is a negative 0% chance the Lemmy devs have the resources to effectively do this without tanking the server for everyone else.
Native push notifications would be awesome for Lemmy! I’m keeping my fingers crossed.
Unified Push support would be great.
https://github.com/LemmyNet/lemmy/issues/2631
It’s coming in the next release
Thanks for the info! It looks like we’re almost there - 81% completion means the final release of 1.0 update is just around the corner!
Let’s go! No more email notifications
There is an issue open requesting this… I been following it for a while.
