cross-posted from: https://lemmy.beyondcombustion.net/post/59302

In an ideal world

Community members volunteer to moderate whatever, I was going to do a form type thing with LimeSurvey because it's a pretty good tool for an application process. That might be excessive tho, anyone can start a community and if one exists from the bot that was post scraping; make a post/comment in it that you want it and poof we'll get it done.

I want to maintain the infrastructure/script/automate, vape herbs, do dabs, wikifi Wiki things, and figured I'd post vape videos w/the GoPro 11 I picked up for eBike shit for fun too.

*actual eBike stuff I'm keeping separate. However, I am starting what will be a ~400 mile trip on the OTET in 30 days; and the farthest the bike i'm taking has been in a single ride so far was ~30 miles. I will be posting videos of me getting high along the way in here with that DeWalt rig and whatever else I stash in my cargo bike bags.

Authentik helps setup admin delegation with LDAP/SSO, so if someone wants to jump into some backend infra lmk and we'll setup something.

This place is for the community. The more people that help maintain this garden for the general good and the less influence I have over the "social" aspect of this, the better IMO.

---

My minimal guidelines would be

1. Be chill, this is a cannabis forum after all.
2. Post links, pics, vids talking about where your fav vape/bong/glass/pipe was from.
3. Don't sell anything consumable on here. No sales of herb, extract, carts, pens, edibles, drinks, tintcures, anything that's a consumable product.
4. DEVICES and ACCESSORIES like a Mighty, Tinymight, some custom glass for a Carta or PuffCo Peak, 510 Mods, log vapes, DIY/One off vapes/pipes/bags/stems/dab tools/Etsy type shit that Etsy bans. That stuff is fine. AT YOUR OWN RISK. And that needs it's own channel/community(communities) if people are interested in an exchange.
5. Provide citations/sources for posts/comments where needed.
6. Openly discuss safety of equipment/devices and cannabis products.
7. Be mindful of what you post on here. The point is to have the whole server indexed by Google and other search providers and keep the space alive/history documented/growing in the future. (AKA Share Knowledge / Share the vibes. / Don't get me arrested plz. )

---

I was messing with configuring the OAuth plugin for Discourse to open that up before doing redarc or the database server work for the Vaporents archives. The postgresql w/Lemmy and other dockers needs pointed outside of their containers too and it made sense to do as much of that DB work at one time as possible.

In the meantime (until there's moderators) lol, if there's an issue w/something email support@beyondcombustion.net or send myself or one of the couple mods we do have @XpeeN@sopuli.xyz and @Loki so far a DM here (or on another subdomain) and we'll help out.

cross-posted from: https://lemmy.world/post/1495501

Idea: if you mod a community on a lemmy.somewhere you should be able to migrate it to lemmy.elsewhere which would include all post & comment links being forwarded and subbed users having their subscription updated to reflect the new location.

I'm aware this would be a way down the road as user account migration alone is still not great but it would be a great feature for the fediverse to have to avoid centralisation and mod/server admin wars.

cross-posted from: https://lemmy.federate.cc/post/4824

Just thought I'd share this since it's working for me at my home instance of federate.cc, even though it's not documented in the Lemmy hosting guide.

The image server used by Lemmy, pict-rs, recently added support for object storage like Amazon S3, instead of serving images directly off the disk. This is potentially interesting to you because object storage is orders of magnitude cheaper than disk storage with a VM.

By way of example, I'm hosting my setup on Vultr, but this applies to say Digital Ocean or AWS as well. Going from a 50GB to a 100GB VM instance on Vultr will take you from $12 to $24/month. Up to 180GB, $48/month. Of course these include CPU and RAM step-ups too, but I'm focusing only on disk space for now.

Vultr's object storage by comparison is $5/month for 1TB of storage and includes a separate 1TB of bandwidth that doesn't count against your main VM, plus this content is served off of Vultr's CDN instead of your instance, meaning even less CPU load for you.

This is pretty easy to do. What we'll be doing is diverging slightly from the official Lemmy ansible setup to add some different environment variables to pict-rs.

After step 5, before running the ansible playbook, we're going to modify the ansible template slightly:

cd templates/

cp docker-compose.yml docker-compose.yml.original

Now we're going to edit the docker-compose.yml with your favourite text editor, personally I like micro but vim, emacs, nano or whatever will do..

favourite-editor docker-compose.yml

Down around line 67 begins the section for pictrs, you'll notice under the environment section there are a bunch of things that the Lemmy guys predefined. We're going to add some here to take advantage of the new support for object storage in pict-rs 0.4+:

At the bottom of the environment section we'll add these new vars:

  - PICTRS__STORE__TYPE=object_storage
  - PICTRS__STORE__ENDPOINT=Your Object Store Endpoint
  - PICTRS__STORE__BUCKET_NAME=Your Bucket Name
  - PICTRS__STORE__REGION=Your Bucket Region
  - PICTRS__STORE__USE_PATH_STYLE=false
  - PICTRS__STORE__ACCESS_KEY=Your Access Key
  - PICTRS__STORE__SECRET_KEY=Your Secret Key

So your whole pictrs section looks something like this: https://pastebin.com/X1dP1jew

The actual bucket name, region, access key and secret key will come from your provider. If you're using Vultr like me then they are under the details after you've created your object store, under Overview -> S3 Credentials. On Vultr your endpoint will be something like sjc1.vultrobjects.com, and your region is the domain prefix, so in this case sjc1.

Now you can install as usual. If you have an existing instance already deployed, there is an additional migration command you have to run to move your on-disk images into the object storage.

You're now good to go and things should pretty much behave like before, except pict-rs will be saving images to your designated cloud/object store, and when serving images it will instead redirect clients to pull directly from the object store, saving you a lot of storage, cpu use and bandwidth, and therefore money.

Hope this helps someone, I am not an expert in either Lemmy administration nor Linux sysadmin stuff, but I can say I've done this on my own instance at federate.cc and so far I can't see any ill effects.

Happy Lemmy-ing!

cross-posted from: https://lemmy.world/post/1299831

Hi all,

If you're just now signing in for the first time in 12+ hours, you may just now be finding out that Lemmy World and other instances where hijacked. The hijackers had the full abilities of hijacked user, mod, and admin accounts. At this time, I am only aware of instance defacing and URL redirections to have been done by the hijackers.

If you were not forced to sign back in this morning, contact your instance admin to verify mitigations were completed on your instance.

How?

This occurred due to an XSS attack in the recently added custom emojis. Instance admins should follow the issue tracker on the LemmyNet GitHub, as well as the Matrix Chat. Post-Incident Activity is still on-going.

Currently, it is likely that just your session cookie was stolen, with instance admins being targeted specifically by checking for navAdmin, an HTML element only instance admins had. I do not believe this to affect users across instances, but I have yet to confirm this.

What happens next?

As I am not the developers or affected instance admins, I cannot make any guarantees. However, here is what you'll likely see:

1. Post Incident investigation continues. This will include inspecting code, posts, websites, and more used by the hijackers. An official incident writeup may occur. You should expect the following from that report:

• Exactly what happened, when.

• The incident response that occurred from instance admins

• Information that might have helped resolve the issue sooner

• Any issues that prevented successful resolution

• What should have been done differently by admins

• What should be improved by developers

• What can be used to identify the next attack

• What tools are needed to identify that information

2. A CVE is created. This is an official alert of the issue, and notifies security experts (and enthusiasts), even those not using lemmy, about the issue.

3. A code security audit is done. This will likely just be casual reviews by technical lemmy users. However, I will be reaching out to the Mozilla Foundation and Cure53 as they recently did an audit of Mastodon. If there is interest in an external audit of lemmy and the costs are affordable, I'll look into crowdfunding this cost.