Beehaw Support

I'm trying to enable 2FA, the link generated does not work.

I'm out of the loop. Are we federating with Threads or not?

EDIT: The answer is no, we are not federating with Threads. Thank you. That's the answer I was hoping for.

When trying to access https://beehaw.org/c/finance it gives a 502 bad gateway -- “Worker Bees are busy updating the website”.

Hey folks! Sorry if this has been covered elsewhere but I did a search around the site and I just couldn't find the information I was looking for.

I remember reading a while back that the folks at beehaw were considering moving to a new platform and I was just curious if anything came of that?

Thanks for all you do!

obligatory preface: we're 100%-user funded and everything you donate to us specifically goes to the website, or any outside labor we pay to do something for us. you can donate here.

overall expenses this month: $230.81

$134.40 for Digital Ocean hosting, which can be further subdivided into

• $112.00 for hosting the site itself
• $22.40 for backups
• $0.00 for site snapshots

$28.80 for Hive, an internal chat platform we've set up (also being hosted on Digital Ocean)

• $24.00 for hosting Hive
• $4.80 for backups
• $0.00 for snapshots

~$39.16 for email functionality, which can be further subdivided into

• $35/mo for Mailgun (handles outbound emails, so approval/denial/notifications emails; also lets us not get marked as spam)
• ~$4.16/mo ($50/yr, already paid in full) for Fastmail (handles all inbound emails)

$29.18 for BackBlaze (redundant backup system that's standalone from Digital Ocean)

overall contributions this month: $596.28

• all contributions this month were monthly donations.

total end of month balance: $5,470.13

expense runway, assuming no further donations

• assuming expenses like ours this month: we have about two years of runway

finance history

The community can be found at [email protected]. Are there any appropriate places under the beehaw umbrella?

I just tried to enable 2FA on my account, it said to save and refresh to get the setup code etc but it just logged me out.

Now I can’t login without a 2FA code that I don’t have. Any chance I can get a bit of help resetting it so I can log back in again?

I’m still logged in on this device (via the voyager app) so hopefully this post works!

Is there anything in the works that will allow us to hide posts? Report isn't necessary in a lot of cases which just leaves the block option. It works but it's also overkill.

Hi beeautiful people.

On certain posts, reply chains seem to be hidden by a "x more replies" button. When I try to click to expand these replies, however, I'm met with an eternally-spinning wheel. I've tried this in both Chrome and Firefox, with extensions enabled and disabled, all to the same effect. Any help is appreciated.

Browser: Chrome 118.0.5993.88 (Also reproduced on the latest Firefox)

Platform: Fedora 38

Thanks. :)

Sloppy video recording of the behavior in question: https://youtu.be/rWbZc3wdVC4

The thread I used as an example: https://beehaw.org/comment/1433678

Update: I finally figured out that this happens on threads where I have one of the participants blocked. Everyone can look away now.

Is creating a new community at will not an option on Beehaw?

obligatory preface: we're 100%-user funded and everything you donate to us specifically goes to the website, or any outside labor we pay to do something for us. you can donate here.

overall expenses this month: $230.81

$134.66 for Digital Ocean hosting, which can be further subdivided into

• $108.00 for hosting the site itself
• $21.60 for backups
• $5.06 for site snapshots

$27.81 for Hive, an internal chat platform we've set up (also being hosted on Digital Ocean)

• $23.14 for hosting Hive
• $4.63 for backups
• $0.04 for snapshots

~$39.16 for email functionality, which can be further subdivided into

• $35/mo for Mailgun (handles outbound emails, so approval/denial/notifications emails; also lets us not get marked as spam)
• ~$4.16/mo ($50/yr, already paid in full) for Fastmail (handles all inbound emails)

$29.18 for BackBlaze (redundant backup system that's standalone from Digital Ocean)

overall contributions this month: $691.85

support still more than covers our expenses; interestingly, our donation composition is now almost exclusively monthly donations.

• 108 monthly contributions, totaling $668.33
• 2 one-time donations, totaling $23.52

total end of month balance: $5,198.47

expense runway, assuming no further donations

• assuming expenses like ours this month: we have about one year and seven months of runway.

finance history

On Beehaw there are a few tldr bots from other instances. I present Beehaws own summarizing bot developed by yours truly. Based on feedback from moderators and community leaders, I don't just want to let this loose on the entire site. Might cause confusion and spam for a community instead of being useful. If you do like what that bot does, and are a moderator of a community on Beehaw that wants to use it; send a private messaged to AbstractifyBot stating Summarize articles on c/[communityname].

That's just one aspect, but I have a few more questions while I have your attention.

• What type of bots if any do you want to see on Beehaw to help things/your community?
• Which functions of the 'nice to have' should be built in and not reliant on a bot to do?
• What do you need for your communities to thrive here?

Permanently deleted

cross-posted from: https://lemmy.dbzer0.com/post/4500964

cross-posted from: https://lemmy.dbzer0.com/post/4500908

In the past months, there's a been a issue in various instances where accounts would start uploading blatant CSAM to popular communities. First of all this traumatizes anyone who gets to see it before the admins get to it, including the admins who have to review to take it down. Second of all, even if the content is a link to an external site, lemmy sill caches the thumbnail and stores it in the local pict-rs, causing headaches for the admins who have to somehow clear that out. Finally, both image posts and problematic thumbnails are federated to other lemmy instances, and then likewise stored in their pict-rs, causing such content to be stored in their image storage.

This has caused multiple instances to take radical measures, from defederating liberaly, to stopping image uploads to even shutting down.

Today I'm happy to announce that I've spend multiple days developing a tool you can plug into your instance to stop this at the source: pictrs-safety

Using a new feature from pictr-rs 0.4.3 we can now cause pictrs to call an arbitary endpoint to validate the content of an image before uploading it. pictrs-safety builds that endpoint which uses an asynchronous approach to validate such images.

I had already developed fedi-safety which could be used to regularly go through your image storage and delete all potential CSAM. I have now extended fedi-safety to plug into pict-rs safety and scan images sent by pict-rs.

The end effect is that any images uploaded or federated into your instance will be scanned in advance and if fedi-safety thinks they're potential CSAM, they will not be uploaded to your image storage at all!

This covers three important vectors for abuse:

• Malicious users cannot upload CSAM to for trolling communities. Even novel GenerativeAI CSAM.
• Users cannot upload CSAM images and never submit a post or comment (making them invisible to admins). The images will be automatically rejected during upload
• Deferated images and thumbnails of CSAM will be rejected by your pict-rs.

Now, that said, this tool is AI-driven and thus, not perfect. There will be false positives, especially around lewd images and images which contain children or child-topics (even if not lewd). This is the bargain we have to take to prevent the bigger problem above.

By my napkin calculations, false positive rates are below 1%, but certainly someone's innocent meme will eventually be affected. If this happen, I request to just move on as currently we don't have a way to whitelist specific images. Don't try to resize or modify the images to pass the filter. It won't help you.

For lemmy admins:

• pictrs-safety contains a docker-compose sample you can add to your lemmy's docker-compose. You will need to your put the .env in the same folder, or adjust the provided variables. (All kudos to @[email protected] for the docker support).
• You need to adjust your pict-rs ENVIRONMENT as well. Check the readme.
• fedi-safety must run on a system with GPU. The reason for this is that lemmy provides just a 10-seconds grace period for each upload before it times out the upload regardless of the results. A CPU scan will not be fast enough. However my architecture allows the fedi-safety to run on a different place than pictrs-safety. I am currently running it from my desktop. In fact, if you have a lot of images to scan, you can connect multiple scanning workers to pictrs-safety!
• For those who don't have access to a GPU, I am working on a NSFW-scanner which will use the AI-Horde directly instead and won't require using fedi-safety at all. Stay tuned.

For other fediverse software admins

fedi-safety can already be used to scan your image storage for CSAM, so you can also protect yourself and your users, even on mastodon or firefish or whatever.

I will try to provide real-time scanning in the future for each software as well and PRs are welcome.

Divisions by zero

This tool is already active now on divisions by zero. It's usage should be transparent to you, but do let me know if you notice anything wrong.

Support

If you appreciate the priority work that I've put in this tool, please consider supporting this and future development work on liberapay:

https://liberapay.com/db0/

All my work is and will always be FOSS and available for all who need it most.

@support Yesterday I saw this post https://beehaw.org/post/7776438 where it used the non-propagation of deleted posts as an example of one of the problems of the Lemmy platform. Today, this post https://lemmy.world/post/5289864 says there's "a bug in kbin where moderation tasks are not federated to other instances".. i'm confused, isn't that a problem coming from the underlying software, Lemmy? Are they shifting blame?

I'm on Firefox on android on pixel 7. Just started seeing this today. It's not a big deal. But it's weird it started suddenly.

Anybody else having this issue (attached screenshot). Landscape mode is fine. I'm guessing this is an upstream issue. Text alignment is all over the place.

Eta: this is in Firefox on Android

Permanently deleted

Hello,

I have been accesing beehaw through Jerboa and Wefwef, recently due to the timezone issue I had to use the website. When I try to log in I'm asked to enter a 2FA token but I don't think I ever activated that. I'm able to access my account through wefwef now because my credentials were stored here and the issue has been fixed, but I can't access beehaw settings from here to disable 2fa. Would you be able to disable 2FA for my account?

Thanks in advance!

you might have noticed we lost a bunch of posts...

in short: we tried to fix a Lemmy issue that started on 9/13 and is causing or has caused problems with apps for the software. we're aware of basically all of them besides Sync exhibiting some sort of problematic behavior since this issue arose. however: attempting to fix this issue on our side of things did not go well.

i am not qualified to make a formal write-up of the exact mechanism of what went wrong here--and in this case the mechanism isn't really important for your informational purposes, although @[email protected] can elaborate as needed--but basically we made a fix that seemed fine in testing and was not fine when actually applied. when it became obvious something was wrong, we tried restoring literally everything but the database. that, unfortunately, did not work, so eventually we just pulled the trigger on restoring from a backup. this has lost at least some posts, but probably no more than 8 hours of them by our estimation.

hopefully this will not happen again, either upstream or on our side of things.

Has something happened? I made 3 posts and a few comments late yesterday and they're all gone today (but still appear on the federated instances I posted them to)

Its only beehaw that doesn't load. Can someone help?

Starting this morning Jerboa crashes and Connect for Lemmy shows a spinner when trying to access Beehaw. My accounts on other Lemmy instances are working fine.

Is anyone else having similar issues?

I find they make it harder to read and as I'm under data restrictions it would be nice to not load them.

Sorry if this has been asked before. I know the lemmy software has a lot of limitations too so maybe this is one of them.

Yesterday, you probably saw this informal post by one of our head admins (Chris Remington). This post lamented some of the difficulties we’re running into with the site at this point, and what the future might hold for us. This is a more formal post about those difficulties and the way we currently see things.

Up front: we aren't confident in the continued use of Lemmy. We are working through how best to make the website live up to the vision of our documents—and simply put, the vast majority of the limitations we're running into are Lemmy's at this point. An increasing amount of our time is spent trying to work around or against the software to achieve what we want rather than productively building this community. That leaves us with serious questions about our long-term ability to stay on this platform, especially with the lingering prospect of not having the people needed to navigate backend stuff.

Long-time users will no doubt be aware of our advocacy for moderator tools that we think the platform needs (and particularly that we need). Our belief in the importance and necessity of those tools has only hardened with time. Progress of those tools, however—and even organizing work on them—has been pretty much nonexistent outside of our efforts from what we can see.[^1] In the three months since we started seriously pushing the ideas we'd like to see, we’re not aware of any of them being seriously considered—much less taken up or on the way to being incorporated into Lemmy.

In fact: even within the framework of Lemmy's almost nonexistent roadmap and entirely nonexistent timetable on which to expect features it has been made clear to us that improving federation or moderation on the platform are not big priorities.[^2] We have implicitly been told that if this part of the software is to improve we will need to organize that from scratch. And we have tried that to be clear. Our proposal is (and has been) paying people bounties for their labor toward implementing these features, in line with paying all labor done on our behalf—but we've received mixed messages from the top on whether this would be acceptable. (Unclear guidance and general lack of communication is symptomatic of a lot of our relation with the Lemmy devs in the past few months.)

Things aren't much better on the non-moderator side of things. The problems with databases are almost too numerous to talk about and even Lemmy's most ardent supporters recognize this as the biggest issue with the software currently. A complete rewrite is likely the only solution. Technical issues with the codebase are also extensive; we've made numerous changes on our side because of that. Many of the things we're running into have been reported up the chain of command but continue to languish entirely unacknowledged. In some cases bugs, feature requests, and other requests to Lemmy devs have explicitly been blown off—and this is behavior that others have also run into with respect to the project. Only very recently have we seen any overtures at regular communication—and this communication has not hinted at any change in priorities.

All of what was just described has been difficult to get a handle on—and having fewer users, less activity, and more moderators has not done a whole lot to ease that. We honestly find that the more we dig and the more we work to straighten out issues that pop up, the more pop out and the more it feels like Lemmy is structurally unsound for our purposes. (One such example of what we’re working with is provided in the next section.)

In summary: we believe we can either continue to fight the software in basically every way possible, or we can prioritize building the community our documents preach. It is our shared belief that we cannot, in the long-term, do both; in any case, we're not interested in constantly having to fight for basic priorities—ones we consider extremely beneficial to the health of the overall Lemmy network—or having to unilaterally organize and recruit for their addition to the software. We are hobbyists trying to make a cool space first and foremost, and it's already a job enough to run the site. We cannot also be surrogates for fixing the software we use.

PenguinCoder: A brief sketch of the technical perspective

I've said a few words about this topic already, here and here. Other Beehaw admins have also brought some concerns to the Lemmy devs. Those issues still exist. To be clear: this is a volunteer operation and Lemmy is their software; they have a right to pick and choose what goes into it and what to put a priority on. But we have an obligation to keep users safe and secure, and their priorities increasingly stifle our own.

In the case of this happening for open source projects, the consensus is to make your own fork. But:

The problem with forking Lemmy is in starting from all the bad that is inherently there, and trying to make it better. That is way more work than starting fresh with more developers. IE, not using Rust for a web app and UI, better database queries from the start, better logging/functions from the start; not adding on bandaids. A fork of Lemmy will have all of Lemmy's problems but now you're responsible for them instead.

We don't need a fork, we need a solution.

To give just one painful example of where an upstream solution is sorely needed: the federation, blocking, and/or removal of problem images.

1. You post an image to Beehaw.
2. Beehaw sends your content out to every other server it's federated with
3. Federated server accepts it (beehaw.org is on their allowlist), or rejects it (beehaw.org is on their denylist)
4. If the server accepts it, a copy of your post or comment including the images are now on that receiving server as well as on the server you posted it to. Federation at work.
5. Mod on beehaw.org sees your post doesn't follow the rules. Removes it from beehaw.org. The other instances Beehaw pushed this content to, do not get that notice to remove it. The copy of your content on Beehaw was removed. The copy of your content on other servers was not removed.
6. The receiving federated instance needs to manually remove/delete the content from their own server
7. For a text post or comment that's removed, this can be done via the admin/mod tools on that instance
8. For a post or comment including a thumbnail, uploaded images, etc; that media content is not removed. It's not tracked where in Lemmy that content was used at. Admin removal of media commences. This requires backend command line and database access, and takes about a dozen steps per image; sometimes more.

There are dozens of issues—some bigger, some smaller—like this that we have encountered and have either needed to patch ourselves or have reported up the chain without success.

Alternatives and the way forward

If possible the best solution here is to stay on Lemmy—but this is going to require the status quo changing, and we’re unsure of how realistic that is. If we stay on Lemmy, it is probable that we will have to do so by making use of a whitelist.

For the unfamiliar, we currently use a blacklist—by default, we federate with all current and newly-created nodes of the Fediverse unless we explicitly exclude them from interacting with our site. A switch to a whitelist would invert this dynamic: we would not federate with anybody unless we explicitly choose to do so. This has some benefits—maintaining federation in some form; staying on Lemmy; generally causing less entropy than other alternatives, etc. But the drawbacks are also obvious: nearly everything described in this post will continue, blacklist or whitelist, because a huge part of the problem is Lemmy.

Because of that we have discussed almost every conceivable alternative there is to Lemmy. We are interested in the thoughts of this community on platforms you have all used and what our eventual choice is going to be, but we are planning on having more surveys in the future to collect this feedback. We ask that you do not suggest anything to us at this time, and comments with suggestions in this thread will be removed.

As for alternatives we’re seriously considering right now: they’re basically all FOSS; would preserve most aspects of the current experience while giving us less to worry about on the backside of things (and/or lowering the bar for code participation); are pretty much all more mature and feature-rich than Lemmy; and generally seem to avoid the issues we’re talking about at length here. Downsides are varied but the main commonality is lack of federation; entropy in moving; questions of how sustainable they are with our current mod team; and more cosmetic things like customization and modification.

We’re currently investigating the most promising of them in greater depth—but we don’t want to list something and then have to strike it, hence the vagueness. If we make a jump, that will be an informed jump. In any case logistics mean that the timetable here is on the order of months. Don’t expect immediate changes. As things develop, we’ll engage the community on what the path forward is and how to make it as smooth as possible.

[^1]: Other administrators have probably vocally pushed for these things, but we’re not aware of any public examples we can point to of this taking place. Their advocacy has not produced results that we're aware of in any case, which is what matters. [^2]: Perhaps best illustrated by the recent Lemmy dev AMA. We’ll also emphasize that Beehaw’s admin team is not alone in the belief that Lemmy devs do not take mod tools or federation issues particularly seriously.