I use SwiftKey and I hate it, but I haven’t found anything better

I’m in exactly the same boat. 😅

I don’t understand how it has been broken for years. I wonder if none of the engineers working on it actually use it themselves? Deleting all of your local data makes it stop crashing for a few weeks, but then you of course also lose all the learned predictions, and eventually it just gets to a point where it just crashes more and more often and you have to delete all the local data again. It sucks.

If only the default Apple keyboard had support for my language, I would ditch SwiftKey forever.

I think there are two separate things I want to address here:

First, agile isn’t a project management methodology, it’s just a set of 4 abstract priorities and 12 abstract principles. It’s very short, you can check it out here:

https://agilemanifesto.org/

Nothing here says that you’re not allowed to write documentation, write down requirements, etc. In fact, the principles encourage you yourself as a software team to create the exact processes and documentation that you need in order to meet your goals.

“Working software over comprehensive documentation” does not mean you aren’t allowed to have documentation, it just means that you should only write documentation if it helps you build working software, rather than writing documentation for the sake of bureaucracy.

“Individuals and interactions over processes and tools” does not mean that you should have no processes, it just means that the individuals in your team should be empowered to collaboratively create whatever processes you need to deliver good software.

Secondly, in terms of practical advice:

1. Talk about this problem with your team. Is it hard for others to figure out where requirements came from? Maybe they already have a good method and can share it with you. If it’s hard for everybody, then propose improvements to your process, for example, propose some type of design document process as part of building any new features
2. There are no perfect answers to the question of “how do I safely make non-trivial changes to systems”, but the general approach is to ensure that:

a. You have metrics about how your system is used.

b. You have automated tests covering any requirements, so that you can feel confident when making changes to one part of the system that it isn’t violating any unrelated requirements.

c. You actually document any confusing parts in the code itself using comments. The most important thing to cover in comments is “why is this logic necessary?” - whenever something is confusing, you need to answer this question with a comment. Otherwise, the system becomes very annoying to change later on.

If you are missing any of the above, then propose to your team that you start doing it ASAP

3. At the end of the day, somebody is responsible for making product decisions. Is it your team? Or maybe some separate product owner? Sometimes, you just need to communicate with whoever is responsible to figure out if any requirements are still relevant, or if they are now safe to change.

It’s not really a bug, it’s just a case where app developers need to update their code to support a small change in the Lemmy API. More details here: https://lemm.ee/post/34259050/12479585

They specifically called it “child abuse content”, not “child abuse”. This seems perfectly valid, no?

By the way, just because these are digital renderings does not mean that there is no harm. Seeing such content can still be harmful to past victims. Just try to put yourself in this situation: imagine just playing some video game online, and suddenly being exposed to people recreating traumatic experiences from your past. Not only that - you also discover that the creators of the video game are involved & actively enabling such content. Seems completely messed up to me.

I think separate report inboxes are needed for the report reasons approach as well. This RFC doesn’t prevent having report reasons, rather I think it brings us closer to that goal.

Thanks for the thoughts!

Why not take this approach to simplify it then?

Yeah, the wording can be changed, I’m adding a note about it to the RFC

But I should be able to mark a report complete if I have dealt with it. Otherwise I’m just going to go to the post and sort it out anyway, so its just adding complexity. Barriers/extra steps to administration is not the way forward here.

I think in this particular case, some barriers are crucial. At the very least, I think we need to have warnings/extra confirmations when an admin wants to resolve a mod report.

I mean, if an admin handles it to the point where mods can’t take any further actions anyway (ban + content removal), then the report is automatically resolved already, so there is no need to manually resolve. OTOH, if an admin handles it in a way that a mod might still want to take additional action (for example, the admin just removes a comment), a mod might still want to take further action (for example, ban the offending user from their community), but if the admin marks the mod report as resolved, the mod will most likely end up never seeing it.

I am legally on the hook for content on my instance, not the moderators, and proposing changes that make it harder to be an admin is a touch annoying.

Btw, I don’t think any admin actions should be made harder, I am only talking about adding barriers to resolving reports which are in mod inboxes, and when I say “resolving reports”, I am literally just talking about marking the report as resolved (this shouldn’t really be a common action for admins - it’s akin to marking DMs as read for other users IMO). I don’t want to limit admins in any way from banning/removing content/anything like that.

No. This is a step backwards in transparency and moderation efforts. Granularity and more options is not always a good thing. If you’ve ever had the misfortune of using Meta’s report functionality you’ll know how overly complex and frustrating their report system is to use with all their “granularity”.

Agreed, I think that’s in line with why I proposed not going that path in the RFC as well.

To add: I would suggest thinking about expanding this to notify the user a report has been dealt with/resolved, optionally including rationale, because that feedback element can sometimes be lacking.

I think that would a good additional feature, but orthogonal to this particular RFC (I mean, neither feature depends on each other)

Thanks for the comment! I think I generally agree with your points, will try to incorporate them into the RFC soon.

While I don’t think admins should be removing things that were reported to the community, they should be able to remove things outside of reports (even without being a mod). Sometimes spam might get reported to the mods, but the admins need to take action. Could the ‘read only’ view add a little warning before action is taken?

To be clear, admins are always able to do that anyway, I’m not proposing any changes to this. I am only proposing to limit the actual “mark as resolved” action, in order to prevent admins from accidentally hiding reports from mods. But I think it makes sense to even not limit this completely, and rather just show a warning when an admin does it - I have updated the RFC.

Btw, for this one:

Sometimes spam might get reported to the mods, but the admins need to take action.

I think it will mostly be OK as long as we allow mods to escalate reports to admins. But still, maybe it is indeed necessary to allow admins to directly resolve mod reports (with an extra UI confirmation step) as well.

That particular instance was very recently the source of a lot of CSAM and spam, so that’d be why. A lot of instances recently upped their security to combat that.

Just to add some more context, there was an attacker recently who created accounts on several Lemmy instances and used those accounts to spread CSAM. On lemm.ee, this attacker created 4 accounts over a 24h period, but was not able to upload any CSAM to our servers due to our stricter upload rules (we require 4 week old accounts to upload any images at all), and all of the 4 accounts were removed very shortly after creation (most of them within an hour of signing up). The attacker gave up trying to use lemm.ee very quickly, and moved on to other instances.

I just wanted to share this context to illustrate that while indeed the different measures we implement to protect the instance can have a negative impact on legitimate users, I really believe that overall, they have a net positive effect. In addition to Cloudflare DDoS protection and image upload restrictions, we also have a separate content-based alerting layer on top of Lemmy, which allows our admins to quickly notice when something suspicious is going on. As another example, this alerting has allowed us to extremely efficiently deal with a current ongoing spam attack on the Fediverse, and I bet many lemm.ee users aren’t even aware of this attack due to the quick content removal. We will continue to improve our defenses, and hopefully try to limit the impact on real users as much as possible, but some trade-offs are necessary here in order to protect the overall userbase.

The nice thing about Lemmy is that you can always host your own instance, even if it’s only for your own individual use. You can basically use your own instance as a proxy - other instances will not see how or from where you are connecting to your instance.

Large instances are being attacked almost constantly at this point in smaller and bigger ways. Almost all measures we implement to combat these attacks come with some trade-offs for the rest of the userbase.

Or do you mean reports on content now go to the user’s home instance as well?

Yes, exactly.

Also, there’s no way to report a user to their home instance so long as they don’t post anything in a community on their home instance.

This has been fixed in 0.19 thankfully. But for instances running older versions, what you said is still true.

I am not really interested in discussing this with you, as you already have an opinion about lemm.ee and seem intent on spreading false rumors about us. I’ve learned several months ago that no matter how much you give to people for free, there will always be users demanding more, so I don’t think there is any chance of you being interested in what I have to say. I am just responding here, so other users who may end up reading this thread don’t come away with the impression that what you are saying is true.

First of all, no user has ever been banned from lemm.ee for criticizing the admin team. Our admins have banned nearly a thousand users in the past ~7 months (just think about that for a second - that is a massive amount of bullshit our volunteer admins have had to wade through in the span of less than a year), and indeed the mod log is public, so you can easily check the ban reasons, which are consistently related to violations of our basic instance rules.

If any moderation team on any of our communities does not follow our instance rules, then such communities are closed. We have in fact had to do this several times before with some conservative-type communities, mainly because they wanted to push the ideas that some people, based on their identities, are less valuable as humans that others. The current conservative community on the other hand is consistently moderating based on our instance rules, and they have incorporated the no bigotry rule into their community rules as well. If this ever changes, then we will take action, just as we have done previously.

Regarding the allegations against one of the mods, I’m not sure if you’ve seen the event they were referencing, but I think it’s safe to say that this event was extremely misrepresented by the accuser. In any real cases of CSAM, lemm.ee has taken drastic actions. We have purged, banned, defederated, reported to authorities, we have implemented some technical safeguards, and we will continue to take action like this in the future as well.

Let me just finish off by saying that we are a volunteer team giving up our time for free. I realize that users want admins to be perfect and moderate exactly in line with their preferences, but we are humans, we miss things, we make mistakes, and we can not possibly be available 24/7 or read every single piece of content posted by other lemm.ee users.

lemm ee: The owners don’t really moderate and its users reflect this fact. Universally unpleasant userbase.

This is categorically untrue. You can find our administration policy here, and we frequently ban users for breaking our instance rules. At most you could make the claim that we are lenient when it comes to things like heated arguments, as we often give warnings or temporary bans to users in such cases, but on the other hand, our “no bigotry” rule is very strict, and violations have consistently resulted in permanent bans.

We of course don’t screen all posts and comments which our users write, so we can only respond to reports, but I assure you that our admin team is constantly going over and responding to the report queue (which is a big effort, and clearly a thankless job).

By the way, I just want to point out that we have ~3000 active monthly users on lemm.ee, I find it very unlikely that you can make an accurate universal judgement about such a huge group of people.

I’m not sure what the exact circumstances are here, but something to note is that upgrading to 0.19 will mostly just help with outgoing federation (0.19.2 is much more reliable and robust when delivering activities to other instances compared to 0.18). We will start seeing the full benefits of this as more of the network upgrades.

https://matrix.to/#/#lemmy:matrix.org

FYI to all admins: with the next release of pict-rs, it should be much easier to detect orphaned images, as the pict-rs database will be moved to postgresql. I am planning to build a hashtable of “in-use” images by iterating through all posts and comments by lemm.ee users (+ avatars and banners of course), and then I will iterate through all images in the pict-rs database, and if they are not in the “in-use” hash table, I will purge them.

Of course, Lemmy can be improved to handle this case better as well!

As a test, I ran this on a very early backup of lemm.ee images from when we had very little federation and very little uploads, and unfortunately it is finding a whole bunch of false positives. Just some examples it flagged as CSAM:

• Calvin and Hobbes comic
• The default Lemmy logo
• Some random user’s avatar, which is just a digital drawing of a person’s face
• a Pikachu image

Do you think the parameters of the script should be tuned? I’m happy to test it further on my backup, as I am reasonably certain that it doesn’t contain any actual CSAM

Any thoughts about using this as a middleware between nginx and Lemmy for all image uploads?

Edit: I guess that wouldn’t work for external images - unless it also ran for all outgoing requests from pict-rs… I think the easiest way to integrate this with pict-rs would be through some upstream changes that would allow pict-rs itself to call this code on every image.

This approach makes so much sense from a business perspective.

How many here have this experience: out of my entire friend group that I grew up playing video games with, I can’t think of a single person who kept pirating games after acquiring disposable income, even though we all exclusively played pirated games as teenagers. Without piracy, none of us would have had access to any games, and very likely none of us would still be into gaming today, spending probably thousands of euros every year on games, consoles, PC components, etc.

That user has actually not been in contact with any of our admins, I’m not sure why they are claiming otherwise.

In any case, I shared my position on piracy on lemm.ee a few months ago, and it has not changed. TL;DR discussions about piracy are fine, but explicitly facilitating piracy on lemm.ee is not allowed, and if any such content is reported on lemm.ee then I will most likely err on the side of removing it. Having said that, I am not planning to defederate lemmy.dbzer0.com at this point, as they have not been causing any issues for lemm.ee (but, of course, I do reserve the right to re-evaluate federation with any instance if at any point they start causing problems for lemm.ee).

Quoting my original comment about piracy on lemm.ee, just for full context:

There’s nothing inherently illegal about VPNs, P2P, seedboxes, torrents, software for torrents, etc - as a software engineer, I have no trouble understanding that these things all have legal purposes. There can be no realistic case made against someone just because they use (or discuss the use of) any of these things. You can post and comment about stuff like this all day long.

Also: discussing piracy topics in general (like commenting on the legality of it, just saying you do it, whatever) without actually using lemm.ee servers to host anything sketchy is fine as well.

On the other hand, telling people “go to coolpiracywebsite.com to download the latest avengers movie” is very sketchy - you’re not directly distributing anything, but I think a case can be made that this comment is directly facilitating piracy, and if someone sends me a legal letter to remove such a comment, then TBH I will most likely just comply rather than deal with the hassle of trying to figure out how legal it is. Just being frank here - I don’t want to create false expectations of lemm.ee servers being a safe haven for content with sketchy legal status.