freamon

Exactly that, yeah. Thank you for the link.

It’s straight-forward enough to do in back-end code, to just reject a query if parameters are missing, but I don’t think there’s a way to define a schema that then gets used to auto-generate the documentation and validate the requests. If the request isn’t validated, then the back-end never sees it.

For something like https://freamon.github.io/piefed-api/#/Misc/get_api_alpha_search, the docs show that ‘q’ and ‘type_’ are required, and everything else is optional. The schema definition looks like:

/api/alpha/search:
    get:
      parameters:
        - in: query
          name: q
          schema:
            type: string
          required: true
        - in: query
          name: type_
          schema:
            type: string
            enum:
              - Communities
              - Posts
              - Users
              - Url
          required: true
        - in: query
          name: limit
          schema:
            type: integer
          required: false

required is a simple boolean for each individual field - you can say every field is required, or no fields are required, but I haven’t come across a way to say that at least one field is required.

PieFed has a similar API endpoint. It used to be scoped, but was changed at the request of app developers. It’s how people browse sites by ‘New Comments’, and - for a GET request - it’s not really possible to document and validate that an endpoint needs to have at least one of something (i.e. that none of ‘post_id’ or ‘user_id’ or ‘community_id’ or ‘user_id’ are individually required, but there needs to be one of them).

It’s unlikely that these crawlers will discover PieFed’s API, but I guess it’s no surprise that they’ve moved on from basic HTML crawling to probing APIs. In the meantime, I’ve added some basic protection to the back-end for anonymous, unscoped requests to PieFed’s endpoint.

There’s some other papers that are trying to paint this trial as some kind of “PC gone mad” thing, and even they have clearly struggled to find a photo of Lineham where he doesn’t look at least a bit unhinged. I’m not trying to make this about his appearance, I just mean that there’s some clear manifestations of poor mental health apparent, and he should probably try to direct his energies towards them a bit more instead.

The best way to provide ! links that work for the most people is just to type them out as plain text, not as a hyperlink to anything.

So, these communities can be found at:

!roughromanmemes@piefed.social

!politicalcompassmemes@piefed.social

!inhabitedbeauty@piefed.social

!tankiejerk@piefed.social

!historyphotos@piefed.social

!historyart@piefed.social

!historyartifacts@piefed.social

!historyruins@piefed.social

!shermanposting@piefed.social

!noncredibledefense@piefed.social

Also, from what I can tell, they haven’t been moved using PieFed’s community migration facility (which squishes the old remote community into a new local one and retains the history (e.g. like what happened with like !casualconversation@piefed.social ). These are just brand new communities, starting from scratch.

I’ll just remove the ‘freamon’ one when the auto-generated one is up to date.

The manually-generated one had 5 missing routes, which I’ve since added.

The auto-generated one at crust has about 48 missing routes. It’s the right approach, and I’ll help out with it when I can, but - for now at least - it makes no sense to redirect people to it (either automatically or via a comment).

Some thoughts for @wjs018@piefed.social

/site/instance_chooser probably doesn’t need to be a route. It’s just the data format returned by /site/instance_chooser_search. As a route, it’s returning the instance info for the site you’re querying, so if you want to keep it as a route, it should probably be called /site/instance_info or something.

In the query for /site/instance_chooser_search, nsfw and newbie are both booleans. With the rest of the API, these are sent as ‘true’ or ‘false’, but they are ‘yes’ and ‘no’ for this route. The newbie query should probably be newbie_friendly In the response, monthsmonitored should probably be months_monitored

There’s no way to exclude communities for the response to /topic/list and /feed/list: If you don’t put ‘include_communities’ in the query, it’s defaults to True, but if you put ‘include_communities=false’ in the query it ends up being True also (because the word ‘include_communities’ is in the data).

It doesn’t, no. The bot gets its data from another bot, at https://lemmyverse.net/, which only crawls Lemmy and MBIN instances at the mo.

We’d either need to send a PR to get that bot to crawl PieFed instances too, or just replicate the functionality from the same machine that runs ‘tcbot’. Communities would also need to provide their ‘active users / month’ too. It’s just the subscriber count currently, but it shouldn’t be too much of a problem hopefully.

I’d be wary of getting a conversation node from anybody other than the original author (as described in the second approach).

There’s a reason why, if you want to resolve a missing post in Lemmy, etc, you have to use the fedi-link to retrieve it from its source, not just from any other instance that has a copy (because, like the “context owner”, they could be lying).

For Group-based apps, conversation backfill is mostly an issue for new instances, who might have a community’s posts (from its outbox), but will be missing old comments. Comments can be automatically and recursively retrieved when they are replied to or upvoted by a remote actor, but fetching from the source (as you arguably should do) is complicated by instances closing (there’s still loads of comments from feddit.de and kbin.social out there - it will be much worse when lemm.ee disappears). So perhaps Lemmy could also benefit from post authors being considered the trusted owner of any comments they receive.

What is the update delay for Fediseer?

I don’t know. It’s not something I’m familiar with - it might just default to saying ‘closed’ if it doesn’t have the data.

It’s interesting that the obvious bot accounts on those instances were set up in mid-March last year, so I’m guessing that these are somebody’s army that they’ve used before, but overplayed their hand when they turned it on the DonaldJMusk person. The admins can reasonably be blamed for setting up instances with open registrations and no protections and then forgetting about them, but I’d be wary of blaming them for being behind the attack directly. The ‘nicole’ person is unlikely to have used their own instance - it’s probably just someone with the same MO as whoever owns the bots, finding and exploiting vulnerable instances.

lemmy.world recently updated from version 0.19.3 to 0.19.10. This change - for Lemmy communities to federate out posts with the community name as a hashtag - was introduced in 0.19.4, so that might be the other reason why this has only just become an issue for you.

The attacker seems to be the admin of those two instances. Both instances have their registrations closed.

The alternative theory would be that these instances had open registrations, but rightly closed registration down after the admins noticed the bots. chinese.lol is on 0.18.4 with an admin with a 2 year old account, lemmy.doesnotexist.club has an admin with a 1 year account, and it was also that instance that the ‘nicole’ person has used before. This downvote attack would need to be a long time in the planning for what you’re suggesting to be true.

There’s an open issue for that kind of thing here: https://github.com/LemmyNet/lemmy/issues/818

If you don’t already know, loads of the images attached to your posts were deleted by accident: https://github.com/LemmyNet/lemmy/issues/5560

There’s a user who cross-posts lots of stuff from ML, and when the admin banned him, it nuked your images too (because both your posts and his posts were pointing to the same image).

I don’t think that blog author is male, btw.

I noticed that a new community - !fedistream@lemmy.world by @Cattail@lemmy.world - has been launched, so maybe there’s been an increase that at least one other person has noticed.

I think that’s what he meant, yeah (no existing DB migration scripts, etc). I don’t know much about it, but I imagine it was probably always going to involve someone more familiar with Lemmy diving into the trenches.

Probably not. It’s fairly rare for those sorts of API endpoints to be covered by mobile apps.

TV shows and movies are already compressed. If you try to compress something that’s already compressed, it typically ends up bigger if anything.

He’s mentioned this before, but I’ve never been able to find an actual PixelFed Group (it doesn’t appear to be the same thing as what they call Collections). I’ll have another look when pixelfed.social enables them this weekend (but I suspect parsing titles for the posts will be a nightmare).

Also, ‘smithereen’ is tagged but I’m not sure of its status (all I found was 1 private instance run by the dev, federated with 1 “explicitly-free-speech” Akkoma instance).

Clarkson has been trying to warn us for years, and we haven’t been listening. He punched a producer when his dinner wasn’t on time, to highlight the impending delays to food deliveries after Brexit. He left the BBC to work for Amazon, presenting a show that was a shadow of it’s former self, to illustrate how billionaires diminish everything they touch.

He couldn’t be clearer with his messaging, but the UK continues to ignore him.