Bij de Europese verkiezingen aanstaande donderdag doet een Nederlandse partij mee die gesteund wordt door organisaties die zijn verbonden aan de Chinese Communistische Partij. Dat melden RTL Nieuws en Follow The Money (FTM) op basis van eigen onderzoek.

This version patches the security vulnerability related to custom emoji’s.

cross-posted from: https://lemmy.ml/post/1390029

cross-posted from: https://popplesburger.hilciferous.nl/post/9969

After setting up my own Lemmy server, I've been intrigued by the server logs. I was surprised to see some search engines already start to crawl my instances despite it having very little content.

I've noticed that most requests seem to come in from IPv4 addresses, despite my server having both an IPv4 and an IPv6 address. This made me wonder.

IPv4 addresses are getting more scarce by the day and large parts of the world have to share an IPv4 address to get access to older websites. This often leads to unintended fallout, such as thousands of people getting blocked by an IP ban from a site admin that doesn't know any better, as well as anti-DDoS providers throwing up annoying CAPTCHA pages because of bad traffic coming from the shared IP address. Furthermore, hosting a Lemmy server of your own is impossible behind a shared IP address, so IPv6 is the only option.

IPv6 is the clear way forward. However, many people haven't configured IPv6 for their hosts. People running their own Lemmy instances behind an IPv6 address won't be able to federate with those servers, and that's a real shame.

Looking into it

So, I whipped up this quick Python script:

import requests
import sys
import socket
from progress.bar import Bar

lemmy_host = sys.argv[1]

site_request = requests.get(f"https://{lemmy_host}/api/v3/site").json()

hosts = site_request['federated_instances']['linked']

ipv4_only = []
ipv6_only = []
both = []
error = []

with Bar('Looking up hosts', max=len(hosts)) as bar:
    for host in hosts:
        host = host.strip()

        try:
            dns = socket.getaddrinfo(host, 443)
        except socket.gaierror:
            error.append(host)

        has_ipv4 = False
        has_ipv6 = False
        for entry in dns:
            (family, _, _, _, _) = entry

            if family == socket.AddressFamily.AF_INET:
                has_ipv4 = True
            elif family == socket.AddressFamily.AF_INET6:
                has_ipv6 = True

        if has_ipv4 and has_ipv6:
            both.append(host)
        elif has_ipv4:
            ipv4_only.append(host)
        elif has_ipv6:
            ipv6_only.append(host)
        else:
            error.append(host)
        
        bar.message = f"Looking up hosts (B:{len(both)} 4:{len(ipv4_only)} 6:{len(ipv6_only)} E:{len(error)})"
        bar.next()

print(f"Found {len(both)} hosts with both protocols, {len(ipv6_only)} hosts with IPv6 only, and {len(ipv4_only)} outdated hosts, failed to look up {len(error)} hosts")

This script fetches the instances a particular Lemmy server federates with (ignoring the blocked hosts) and then looks all of them up through DNS. It shows you the IPv4/IPv6 capabilities of the servers federating with your server.

I've run the script against a few popular servers and the results are in:

Results

Server	IPv6 + IPv4	IPv6 only	IPv4	Error	Total
Lemmy.ml	1340	3	1903	215	3461
Beehaw.org	807	0	1105	74	1986
My server	202	0	312	4	518

It seems that over half (55%+) the servers on the Fediverse aren't reachable over IPv6!

I'm running my own server, what can I do?

Chances are you've already got an IPv6 address on your server. All you need to do is find out what it is (ip address show in Linux), add an AAAA record in your DNS entries, and enable IPv6 in your web server of choice (i.e. listen [::]:443 in Nginx). Those running a firewall may need to allow traffic through IPv6 as well, but many modern firewalls treat whitelist entries the same these days.

Some of you may be running servers on networks that haven't bothered implementing IPv6 yet. There are still ways to get IPv6 working!

Getting IPv6 through Tunnelbroker

If you've got a publicly reachable IPv4 address that can be pinged from outside, you can use Hurricane Electric's Tunnelbroker to get an IPv6 range, free of charge! You get up to five tunnels per account (each tunnel with a full /64 network) and a routed /48 network for larger installations, giving you up to 65k subnets to play with!

There are lots of guides out there, some for PfSense, some for Linux, some for Windows; there's probably one for your OS of choice.

Getting IPv6 behind CGNAT

Getting an IPv6 network through a tunnelbroker service behind CGNAT is (almost) impossible. Many ISPs that employ CGNAT already provide their customers with IPv6 networks, but some of them are particularly cheap, especially consumer ISPs.

It's still possible to get IPv6 into your network through a VPN, but for serving content you'll need a server with IPv6 access. You can get a free cloud server from various cloud providers to get started. An easy way forward may be to host your server in the cloud, but if you've got a powerful server at home, you can just use the free server for its networking capabilities.

Free servers are available from all kinds of providers, such as Amazon(free for a year), Azure(free for a year), Oracle(free without time limit). Alternatively, a dedicated VPS with IPv6 capabilities can be as cheap as $4-5 per month if you shop around.

You can install a VPN server on your cloud instance, like Wireguard, and that will allow you to use the cloud IPv6 address at home. Configure the VPN to assign an IPv6 address and to forward traffic, and you've got yourself an IPv6 capable server already!

There are guides online about how to set up such a system. This gist will give you the short version.

Final notes

It should be noted that this is a simple analysis based on server counts alone. Most people flock to only a few servers, so most Lemmy users should be able to access IPv6 servers. However, in terms of self hosting, these things can matter!

cross-posted from: https://lemmy.cat/post/6385

It is currently possible, through Lemmy's API, to create accounts automatically and without limit if verification by email address or captcha is not activated. I'd advise you to activate one or both of them NOW!

After registering x number of accounts (currently I could do thousands), all you have to do is list all the existing communities for each of the account to publishes one new post per community, or more. I'll leave you to picture the mess.

(I apologise to the administrators of sh.itjust.works, I should have done the test with my own server.)

Last time we discussed how to set up Lemmy locally, this time we will discuss setting up Lemmy in production mode on a Rasberry Pi with functioning image upload by using Docker. This time we have to deviate more from the official guide as some things don’t seem to work. To follow this guide, you will need a basic understanding of the terminal and a Raspberry Pi 3 or 4 (I have only tested this on the Raspberry Pi 4). If you are on Windows 10 or 11 you can use OpenSSH in PowerShell.

Setting up the Raspberry Pi

To prepare an SD card for the Raspberry Pi, download the Raspberry Pi Imager. Insert the SD card, select the Raspberry Pi OS Lite (64-bit) and make sure you pick the SD card for Storage. You could pick the full version of the OS, but make sure you pick a 64-bit version of Debian Bullseye. Before clicking “Write”, go click on the settings icon and enable ssh. You can also set up a user, hostname, authorization keys and WiFi.

Now insert the card into your Raspberry Pi, connect power and you should be able to ssh to the pi. So, with the default pi user, that would be ssh pi@raspberrypi.

Installing Docker

To install Docker we have to follow the Docker Debian installation guide (The Raspian guide leads to a configuration that won’t be able to find any stable docker installation).

First, we have to install the dependencies for adding the new repository:

sudo apt-get update

sudo apt-get install ca-certificates curl gnupg

Add Docker’s official GPG key:

sudo install -m 0755 -d /etc/apt/keyrings

curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

sudo chmod a+r /etc/apt/keyrings/docker.gpg

And set up the Docker repository: echo \ "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \ "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \ sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Now we can install docker and docker-compose:

sudo apt-get update

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker-compose

To be able to run docker command without using sudo we have to add our current user to the Docker group:

sudo groupadd docker

`sudo usermod -aG docker $USERz

newgrp docker

Configuring Lemmy

We need to download a few configuration files. The configuration files listed in the guide don’t support Arm64, so I took the files from Lemmy 1.17.3 and modified them, so they pick the ARM version of the docker images. The NGINX configuration does work, but it is included to make the download simpler:

curl https://gist.githubusercontent.com/Fireblade75/95a0dfa7abbedff554eb9109434060cd/raw/5cf6eddbe706dd25b84234ce619f18a4faca854a/docker-compose.yml -o docker-compose.yml

curl https://gist.githubusercontent.com/Fireblade75/95a0dfa7abbedff554eb9109434060cd/raw/5cf6eddbe706dd25b84234ce619f18a4faca854a/lemmy.hjson -o lemmy.hjson

curl https://gist.githubusercontent.com/Fireblade75/95a0dfa7abbedff554eb9109434060cd/raw/5cf6eddbe706dd25b84234ce619f18a4faca854a/nginx.conf -o nginx.conf

If you want to change the default password of the database, make sure that you change it both in the docker-compose file and the lemmy.hjson configuration.

Now we can run docker-compose up, this downloads all the containers and starts the Lemmy server. Check the logs for errors and see if there is anything we still need to solve. When the services are done starting, we can stop the cluster again by pressing control + C.

A problem I had was that the image server did not get the right permissions to the location where it wants to store its files. To solve this, we simply have to run the following command:

sudo chown -R 991:991 volumes/pictrs/

Running Lemmy

When all errors are solved, we can start the cluster in detached mode. Let’s first destroy the containers by using docker-compse down. And after that we can run docker-compose up -d. The containers should start now, but this time docker-compose is running in detached mode, this mode does not block the terminal and lets Docker run in the background.

You now have a working installation of Lemmy on a Raspberry Pi. It listens to port 80, so you should be able to navigate to it from other devices in your network. For example, by going to http://raspberrypi/ . The default user is lemmy and its password is lemmylemmy, this is configured inside the lemmy.hjson file. If you later want to update Lemmy to a newer version, you can just change the version of the Docker images inside the docker-compose file.

Hopefully this helped you understand how to set up Lemmy, if you have any question please ask.

Ik zag dat ze bij Beehaw nu één stijl aan icoontjes aan houden. Dat ziet er erg leuk en herkenbaar uit. Natuurlijk is het ook goed dat je gewoon een community kan oprichten zonder dat je je daar super druk over hoeft te maken.

Ik vond het zelf alleen wel leuk om iets van een gezamenlijke stijl aan te houden voor de icoontjes die ik maakte, daarom koos ik voor de stijl van onze nu al meestgebruikte community !nieuws@feddit.nl. Wil je ook net zoals !nieuws en !tech@feddit.nl deze stijl aanhouden, dan kan je het SVG-bestand van de Tech community gebruiken als basis: https://gist.github.com/Fireblade75/005f4d398eb67c970bbd2e3f5d77b24f

cross-posted from: https://beehaw.org/post/574562

Here's a laundry list of sort with tons of tools we'd like to see

• Role for approval of applications (to delegate)
• Site mods (to delegate from admins)
• Auto-report posts with certain keywords or domains (for easier time curating without reports)
• Statistics on growth (user, comments, posts, reports)
  • User total
  • MUA
  • User retention
  • Number of comments
  • Number of posts
  • Number of reports open
  • Number of reports resolved
• Sort reports
  • by resolved/open
  • by local/remote
• Different ways to resolved a report
  • Suspend account for a limited amount of time rather than just banning
  • Send warning
• Account mod info
  • Number of 'strikes' (global and local) and reports
  • Moderation notes
  • Change email
  • Change password
  • Change role
• Ability to pin messages in a post
• Admins should be able to purge
• Filter modlog to local
• Better federation tools (applications to communities, limiting)
  • Applications to communities to allow safe spaces to exist (people should not be able to just "walk in" on a safe space - similarly to follow requests in Mastodon in a way)
  • Limiting (Lock our communities down from certain instances but still allow people using our instance to talk to people from those instances)

Obviously considering the moment when this is being made - federation tools are our highest priority.