this post was submitted on 29 Sep 2023
47 points (98.0% liked)
Lemmy Apps
5456 readers
44 users here now
A home for discussion of Lemmy apps and tools for all platforms.
RULES:
- No spamming
- Be nice and have fun
- Follow the general lemmy.world rules
An extensive list of Lemmy apps is available here:
Visit our partner Communities!
Lemmy Plugins and Userscripts is a great place to enhance the Lemmy browsing experience. [email protected]
Lemmy Integrations is a community about all integrations with the lemmy API. Bots, Scripts, New Apps, etc. [email protected]
Lemmy Bots and Tools is a place to discuss and show off bots, tools, front ends, etc. you’re making that relate to lemmy. [email protected]
Lemmy App Development is a place for Lemmy builders to chat about building apps, clients, tools and bots for the Lemmy platform. [email protected]
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
For those (like me) who are confused what it is:
“Alexandrite is a beautiful desktop-first alternative web UI for Lemmy, a social link aggregator and discussion forum for the Fediverse.”
The mod-heavy focus sounds excellent I must say.
It seems, unlike Elk.Zone for instance, there’s no pre-hosted instance of this yet. Is that correct?
Oops forgot to post links, I edited the post.
I host Alexandrite at https://alexandrite.app/ and several instances also host Alexandrite on their own domains, like https://a.lemmy.world
There's a separately hosted version (https://alexandrite.app/instance) ~~but it's safest to use the one hosted by your instance if it does because of how password stuff works on Lemmy (devs for apps can access your passwords, or whoever hosts it for webapps like Alexandrite and Photon).~~ (corrected by dev below)
Lemmy.world where you are hosts Alexandrite directly (https://a.lemmy.world I think)
Even if we logged all requests (we don't) we could publish a version that did and the ones on lemmy.world and stuff would be vulnerable immediately.
Requests are not proxied (except image uploads due to a CORS issue)
You can tell in the network tab that requests are made directly to the API.
Ah I should've figured there's more to it than that, I was going off of what I've seen some instance owners say.
So regardless of where it's hosted it's still ultimately down to trusting the devs not to do anything bad, same as with most apps?
Correct. It is possible to self host it though, so you can have ultimate trust in one you compile yourself after reading the source code if you go long distances for that.