this post was submitted on 08 Jun 2023
480 points (100.0% liked)

Technology

37705 readers
106 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

About two days ago we found a bug with the registration system on lemmy. Because of this we have updated our registration process a few times, and cannot deny any applications as the person registering does not receive any message and cannot re-apply.

We currently have several hundred people that we are waiting to deny, and some unknown amount of people that we denied prior to finding this issue which we would really like to contact and give them a chance to register as they didn't write enough in their registration for us to really evaluate if they were a good fit for this instance.

If you're a developer please take a look at this github issue and please work your magic to help fix this problem.

As an aside, we also have a list we've been working on for enhancements that would make moderating and administering this instance a lot easier, and enhancements we think users would enjoy in terms of UI and UX. We'd love to share these as well as facilitate a discussion to surface more ideas (and we plan to in the future), but right now we need to focus on the most pressing issue to us running this website, whether people can create an account here and participate.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 35 points 1 year ago (2 children)

As a workaround you can go into the database and query directly for users with rejected application and email provided. Then write a script to email them. Getting a fix developed, reviewed, merged and deployed will take a few days in the best case. And even longer now because we are busy with lots of things.

[–] [email protected] 20 points 1 year ago

Thank you. I've suggested this method to @[email protected] and we are looking into it.

load more comments (1 replies)
[–] [email protected] 27 points 1 year ago* (last edited 1 year ago) (2 children)

To work on bugs and test do I just need the UI and backend? Does the backend code have a embedded DB for local development? I can code, btw. I can figure rust out, great with JavaScript and JVM languages.

[–] [email protected] 16 points 1 year ago

@[email protected] may be able to answer these questions.

[–] [email protected] 9 points 1 year ago (11 children)

The rust backend, Postgres Db and UI are all available as docker images. The rust “lemmy” repo has a docker compose file (if you are familiar with the concept) allowing you to spin up the whole stack locally pretty easily if you already have docker installed.

load more comments (11 replies)
[–] [email protected] 23 points 1 year ago* (last edited 1 year ago) (1 children)

Likely need to define some basic rbac controls. They signed up, sure, and have an initial role of “pending”, but don’t receive a “user” role until after approval. Then in the home page, when signed in, they get a banner saying they’re still in pending and will not be able to post or comment.

The major concern will be retroactively applying user roles to the existing users.

[–] [email protected] 6 points 1 year ago

I'm a fan of this approach. That way, we can return a 200/201 on subsequent registrations for the case where an attacker would query if a user name already exists on an instance. If rejected, remove the account. If accepted, add the user role.

[–] [email protected] 19 points 1 year ago (1 children)

Bit of a tangent here, but if you’re ever looking for experience designers to help out here and there, or to just give something a second set of eyes, I might be able to lend a hand or connect y’all with some bright and chill people.

You probably don’t want me making any PRs, but I know my way around Figma and a user test plan.

[–] [email protected] 13 points 1 year ago (24 children)

I'd love to see you redesign some parts of the Lemmy UI!

In my option, a lot of designing work is still to be done so I'd love to see mockups you can make and your thoughts on design work!

load more comments (24 replies)
[–] [email protected] 17 points 1 year ago

Thanks for posting and writing all this up. I'll take a good look at it if this is a Friday that work tickets decide to slow down.

[–] [email protected] 17 points 1 year ago

Hiya! Lemmy was actually one of the reasons I started learning Rust, but I do also know JavaScript, Python, a bit of Julia, C, C++, MASM, NASM, MIPS, a bit of TypeScript, and Java. I've worked on both frontend and backend although I think my expertise and comfort lies with backend primarily. I'm not sure if I'd be able to help with y'all's issue as I'm not familiar with the Lemmy codebase, but I'd be willing to try and help debug the issue and hopefully get it under control.

[–] [email protected] 15 points 1 year ago* (last edited 1 year ago) (1 children)

A "quick fix" might be to test for a user unapproved status on login and provide it as a status (e.g. 404:application_denied). Then the behaviour can be either release all created but unapproved accounts after 24hrs elapse or perma-"ban" until approved like it is now depending on server preferences.

"Quick fix" as in it's seems quick but will take me a while to implement if I were to try and I won't have time for a few days to get serious and become familiar with the code.

[–] [email protected] 22 points 1 year ago* (last edited 1 year ago) (1 children)
[–] [email protected] 10 points 1 year ago (1 children)

Servers may also send [a 404] response instead of 403 Forbidden to hide the existence of a resource from an unauthorized client.

In this case, I agree that 403 is the better response, but for some resources, in the name of security and privacy, 404 might be more appropriate depending on the request.

[–] [email protected] 7 points 1 year ago* (last edited 1 year ago)

Yeah at work we mask all responses to the client in production to x00, but in the scenereo the original commenter laid out exposing the 403 would be best.

Adding a modal client side would prob be best here.

[–] [email protected] 14 points 1 year ago (1 children)

I thought this was a mistake. I filled out an application early on and didn’t fill it out correctly. I expect that account was denied, but I did notice that the user was created the exact second I applied which was weird. I assume the username is now in a limbo state. Seems strange that lemmy would create an account before it’s approved.

[–] [email protected] 7 points 1 year ago

There needs to be something to approve or reject, after all. It could have been a separate table but this way is probably better ultimately, modulo current bugs. The same machinery can be used for suspending accounts and other steps in the account lifecycle.

[–] [email protected] 13 points 1 year ago (2 children)

I cannot code. 🫤

But it occurs to me that we need a couple of features - although maybe they already exist.

One is the ability to back up a Lemmy account and download the data.

The other is account portability - the ability to move an account from one instance to another.

But I suspect that #2 might be impossible.

load more comments (2 replies)
[–] [email protected] 12 points 1 year ago* (last edited 1 year ago) (2 children)

I wonder if the RES devs might consider working on BES (or LES)?

[–] [email protected] 12 points 1 year ago (1 children)

We can definitely use all the help we can get. Luckily since lemmy and its UI is open source, we can embed all this highly popular functionality directly into lemmy-ui.

[–] [email protected] 9 points 1 year ago

I'd love it. I don't hate the UI as it currently is, but I'd definitely appreciate some features, like the hotkeys RES has, or a tighter UI in general, with less padding and space between elements.

To be fair, tweaking the UI is surely in my power and skillset, but UI is surely my least favorite part of development as a whole.

[–] [email protected] 9 points 1 year ago

If I remember correctly, RES has basically been limping along in maintenance mode for quite a while now and there's only one or two people left working on it - and only from time to time.

[–] [email protected] 12 points 1 year ago* (last edited 1 year ago) (5 children)

Off topic but I'm really happy that the developers chose Rust to code Lemmy in. Low maintenance + high performance is the ideal combo for open source server software.

load more comments (5 replies)
[–] [email protected] 11 points 1 year ago

I'm a beginner with Rust, but a full-time web engineer with React/TS/PHP/SQL/etc experience. I'm a bit swamped at the moment, but I'm down to contribute eventually :)

[–] [email protected] 11 points 1 year ago* (last edited 1 year ago)

I have front end and back end experience but work has me kind of bogged down lately. If nobody has stepped up by Sunday I should be free to start taking a look at it at the very least.

[–] [email protected] 10 points 1 year ago* (last edited 1 year ago) (1 children)

I forget my password to my GitHub account, so ill just reply here. I agree - it is a bit hard to know if youve been accepted or not. I just kept trying to log in once or twice over an hour or so, but I doubt thats feasible especially for the cases of people who get denied and dont know why.

I am not quite certain on the structure of a Lemmy server, but I imagine there's a log of users that you can join to a particular db entry for acceptance status and denial message. Given that you host the server that this is on, I imagine you might be able to append some changes to the login page to access these fields.

My thought is that there can be a small text input added to the bottom of the log in page that you can enter in a username, and have it present the necessary data pertaining to acceptance status. Again, not sure how this would work in Lemmy structure land, but in MVC where Im competent, I would have an endpoint that returns data as json, then ping it with an ajax post request. Id imagine something similar could be done here

load more comments (1 replies)
[–] [email protected] 10 points 1 year ago

I have Rust experience and will consider helping out. I've been wanting to help out Lemmy recently anyway.

[–] [email protected] 8 points 1 year ago (1 children)

@Gaywallet what if you signed up without an email? I don't think I added an email address until later attempts.

What can we do to reapply with a decent effort?

[–] [email protected] 7 points 1 year ago (3 children)

There is no reapplying until this is fixed.

[–] [email protected] 6 points 1 year ago* (last edited 1 year ago) (2 children)

Does this issue also explain why I didn’t receive an email to say I was successful and only discovered I was approved by just trying to login just in case or is that a separate issue? Edit: I am a fool. I don’t believe I supplied an email address… I’m off to a great start!

load more comments (2 replies)
load more comments (2 replies)
[–] [email protected] 8 points 1 year ago* (last edited 1 year ago)

I'm a react dev. I'm happy to contribute in my spare time, probably weekends and smaller issues. I noticed the client is built in inferno, which from a quick look appears to be fairly similar to react, so I'm sure I can be useful. I'll have a look tomorrow, can see a large list of issues so I'm sure I will find something to do.

[–] [email protected] 8 points 1 year ago (1 children)

I’ll take a look at it and submit a post request with fixes within the next week

load more comments (1 replies)
[–] [email protected] 8 points 1 year ago

I'd be happy to help contribute as best I can. I don't have much Rust experience but I'd like to learn more. One thing I'm noticing: I like that there are a good deal good first issue tags for the backend repo, but only one for the frontend. I'm not sure if there's really that far fewer intro tasks for the frontend or if they're just not tagged as thoroughly.

[–] [email protected] 8 points 1 year ago

I don't really know Rust at all but it might be a good opportunity to learn. I come from a C# and Python background so I might see if there's anything I can tackle.

[–] [email protected] 8 points 1 year ago

I can't code, but I'd be happy to send donations to those who can to work on Lemmy. I'm not a rich man but I'll happily help how I can.

[–] [email protected] 8 points 1 year ago (1 children)

as they didn’t write enough in their registration for us to really evaluate if they were a good fit for this instance.

I'm just curious, what do you consider to be "writing enough"? How strict are you with your applications? I'm trying to learn from beehaw for my own instance.

[–] [email protected] 13 points 1 year ago (4 children)

We want them to fit in with our philosophy, so we're looking that they paid attention to our rule, our ethos, and our ambiance. To be clear, we're not making judgements, but if you leave it blank or only talk about federation, we can't be certain that you will vibe with how we moderate and what we're trying to do here.

[–] [email protected] 11 points 1 year ago (1 children)

Cool. Roughly how many % of applications do you deny? I'm starting to wonder if I should be stricter with my applications for the sake of "user quality".

I've found many applications simply fail to answer the questions. I guess this should at least be a minimum requirement.

[–] [email protected] 28 points 1 year ago (4 children)

I think we're approving around half, but I'm not sure if that's kept up today. To share my thoughts on the matter I'm extremely concerned about the possibility of this place moving the direction of echo chambers for a variety of reasons. I'll probably make another philosophy post in the next week or so, but I've been very overextended between this, work, current healthcare issues (I've had 2 surgeries in the last two weeks 😩), stuff for pride month (I'm a leader at my work's pride ERG, moderated a speaker today, speaking for a group next week, gotta help with SF pride, etc), and in general being busy in my social life as well so I haven't really had a ton of time to contribute all my thoughts or put them on paper as I'd like to.

[–] [email protected] 12 points 1 year ago (1 children)

Oh my goodness! Please, please, please look after yourself and your health and wellbeing first and foremost!

It sounds like we're a lot alike, and I burned myself out overextending myself, like you're doing, trying to help others so much for so long...my health issues got worse and now I can't help anyone because I can barely even take care of myself! and it's an awful feeling when previously helping others was my whole thing and reason for living.

This may be unsolicited and TMI, but just wanted to caution you about what could happen. Look after yourself, please! You deserve it! Remember that you can't help and look after others if you don't help and look after yourself. Thank you for everything you've done and are doing already. Hang in there. <3

[–] [email protected] 10 points 1 year ago (1 children)

I greatly appreciate the feedback and I have taken a few steps back this week to ensure I'm not overextending myself. Thank you for looking out for me 🥰💜

load more comments (1 replies)
[–] [email protected] 6 points 1 year ago

anywhere from 1/3 to 1/2, yeah

load more comments (2 replies)
load more comments (3 replies)
[–] [email protected] 7 points 1 year ago (1 children)

I got my approval email, is the problem limited to denial notification?

[–] [email protected] 10 points 1 year ago

The GitHub link details the scope of the issue

[–] [email protected] 7 points 1 year ago

Is there a way we can minimize the stickies? It’s a quality of life but would be great to read it once and shrink it so I get to my feed quicker.

[–] [email protected] 7 points 1 year ago

I am a software developer. I will look at it this weekend at some point. I'll try to help if I can.

load more comments
view more: next ›