Cr4yfish

I’m actually trying to solve this issue on my own Lemmy app. It automatically switches instances when the requested one is down. Works only in the Feed right now and, of course, accounts are still instance-bound - but I will fix that soon.

I always wonder when people say something like this. I also develop a Lemmy app myself and don’t understand this point, like are you afraid people will complain about your code cleanliness or commenting techniques?

I mean what extra work is there really? Moving secrets to environment variables is annoying, I get that at least.

I mean no offense to you at all, really, but when I check out other Lemmy apps I don’t even bother with closed source ones since I can’t possibly know if you just steal login information. Especially since this is so immensely easy with Lemmy.

Again, I’m not saying you do these things but it’s always better being able to check yourself, you know?

Which App are you using?

Is this a bot?

You could make like a circular shape on the screen with numbers correlating to the speed on different angles. Then maybe add some rectangle which points at the current speed and effectively changes the angle when the speed changes.

Oh wait…

You already have 13 on your comment. You’re like a lemmy celebrity now.

What is it like being famous?

I’m a FSE and I use GitHub copilot and Perplexity. I wouldn’t want to code without them anymore.

I want to get things done (especially when I’m at work) and not spent time reading docs or having 20 tabs of stackflow open. I’ve had enough of that lol.

I think everyone here knows copilot but perplexity is a lot smaller and newer. It’s basically like chatgpt but faster and it googles stuff, giving sources for each claim that I can read for myself.

For example, for my latest project I decided to give tailwind a try and instead of having to look through the docs for every little thing I just ask perplexity and it sums it up for me, even giving examples.

And I use copilot a lot for mundane tasks, for example when I write an API that takes an object of type Foo, Copilot auto Fills making variables and checking each for nulls and then I use that API in the frontend copilot already knows what I’m about to do and auto-fills the fetch.

Nice.

Ah, yes the classic. The Lemmy dev team really forgot to set CORS headers on an API lmao. Hope they fix that soon.

Yeah, it’s a web app. I route all requests through my own backend, so it’s server-server communication between Nemmy and any Lemmy instance, circumventing CORS by design.

Are you sure the CORS settings are messed up? I tried reaching the API a couple of times from my frontend for debugging and got errors due to authentication security. Are you referring to that or something else?

That’s probably the cbat dude after his gf left him.

I’d think it would feel bad having to lie about the music you listen to. Maybe music man is already past denial and in acceptance, just not telling anyone.

But perhaps they’re just a douche.

Yes, from what I’ve seen there are a some people who are concerned about others impersonating them on other instances.

Figuring out if two posts are identical is going to be a challenge

I think I could deal with duplicates pretty easily by checking if different properties of the post are identical, the more are the less likely it is that the post will be shown.

I think a bigger problem is the comments. What if a user reposts a post from r/astronomy on lemmy.world to c/astronomy on lemmy.ml? Which one do we show, and what do we do with the comments of the other? Merge them together, or just leave them? Maybe show a button on the post when there’s a duplicate und the user can switch instances?

Lots of figuring out to do, but it sounds fun!

Edit: The Group-by-Hashtag thing is also a good idea! That would of course make the whole thing less of a headache, but to make that work a lot of users need to do that.

Yes, very good idea! When users create a group, they can select keywords to search for and then the App could make a best guess and then show a list to the user where they can select the ones they want or don’t want in the group.

Ah, sorry if I’m being unclear.

I was thinking of combining the user’s original password with a random 32 Character string and hash that combination. So basically salting the User’s password with random strings. That should work out to multiple passwords I can use.

Thinking of it bcrypt does exactly this, so just running bcrypt a couple of times should be sufficient, no?

Security wise if there was a breach, an attacker would still only have a couple of hashes, none of which are the original password and they can’t dictionary attack due to bcrypt.

Also, if an instance was hacked, the worst case would be that the attacker gains access to the hash (if the instance stored passwords in plain text and didn’t also hash them themselves).

I’m really tired right now so maybe none if this makes any sense, but I think it does lol.

Thanks for letting me know, I’m still new to Lemmy :).

I’ll put this on the roadmap of my App if you don’t mind

takes notes for my own App 👀

Very good point! I think @TheButtonJustSpins@infosec.pub has a good idea on how to circumvent that.

I could make my own database with hashed passwords using postgreqsl and RLS, which is pretty secure. The User then decrypts the hashed passwords once on login and is simultaneously logged into multiple instances of Lemmy to get the JWT of each instance, which is then stored in SessionStorage or even in a Cookie if the User wants to which would make this a one-time process.

On signup the User could just register to one instance and then I just generate random 32 Character passwords and hash them with the Users’ password, then get the JWTs and if cookies are enabled the that would only have to be done every year or so (or when the User deletes the Cookies).

This whole process is seems pretty easy, especially if you’ve done something like this before and I’m betting some other App Dev is already taking notes lmao.

Edit: Let’s also do a thought experiment on what data will be leaked if I did this 1:1 and the database gets somehow hacked:

For each User:

1. Username (=> Gives away that you use Nemmy)
2. Hashed Passwords (=> Hashed passwords cannot be read if you don’t have the original Users’ password until we have access to quantum computers which can literally crack the encryption algorithm)