It’s the same as with Linux, GIMP, LibreOffice or OnlyOffice. Some people are so used to their routines that they expect everything to work the same and get easily pissed when not.
This isn’t just open-source software; it’s also a collection of servers run by hobbyists.
There is no business here at all. You’re not the product, but you’re also not the customer — because there is no customer. What you’re seeing here is a strictly nonprofit Internet service provided by people who just want to make one.
Which makes Karen behaviour even worse and incomprehensible but most people are humble and don’t care to much about some minor problems and a little learning curve
the slight technical competency needed to navigate the fediverse might help keep low-quality users away and mitigate the “summer reddit” effect.
A Karen is a (mostly female) person who demands special treatment for no specific reason, who permanently feels mistreated and set back compared to others and someone who always wants to talk to the highest available employee in expectation this person would take her side and take inappropriate measures against the one that “did her wrong”
This is why I have 4 different apps to surf Lemmy. When one app is acting up I just switch to another. For example I was just barely scrolling in Jerboa but getting a bunch of network errors so I switched to Connect which is where I’m posting this comment. I’m totally down with being patient with Lemmy for the time being. Anything to get away from R*****
I am also waiting, but for Boost for Lemmy.
In the meantime wefwef works well.
I keep switching between Liftoff and Connect because they both have some issues that are resolved in the other.
Connect seems to work better with showing all federated content than Liftoff, but Liftoff allows multiple instances to be logged in at once. Connect has notifications, and Liftoff does not. Liftoff has more user-centered features like actual profile pages that show a background image, bio, and avatar; connect does not.
Neither one have any tools for moderation, though. I am now a mod for Humor (BTW, come post! Let’s make it better than /r/funny ever was!) and I’ve only been able to do actual mod things on the website itself, which is tedious to do on mobile.
I still can’t figure out why I can upvote posts in Memmy but not in Liftoff. I’m Liftoff it keeps responding that I need to be logged into the server but Memmy just lets me upvote. It’s definitely something I am doing wrong but showcases the immense value of app choice.
Probably due to the version of Lemmy on the server. I think it’s because Memmy works with 0.17 but Liftoff doesn’t (fully).
The Lemmy devs made some fundamental changes in how just about everything works in 0.18. Since a lot of apps started development right around 0.18 came out they might not support “the new way” just yet.
It’s another one of those things where you just have to “give it time”. The Lemmy server operators need to upgrade (many were holding off because of missing CAPTCHA support in 0.18) and the app developers still have a lot of kinks to work out. Liftoff has only been out for what? A week now? LOL
I haven’t. I’ll have to check it out while I wait for Sync
Edit: idk if it’s my instance or not but Liftoff absolutely does not want to work. It’s super slow, won’t load, crashes constantly, I tap or try to scroll and nothing happens for about 30 sec to a min then it’ll finally do what I tapped on or it will crash. Not sure what I’m doing wrong lol
I still can’t figure out why I can upvote posts in Memmy but not in Liftoff. I’m Liftoff it keeps responding that I need to be logged into the server but Memmy just lets me upvote. It’s definitely something I am doing wrong but showcases the immense value of app choice.
Have you checked that you’re browsing from your instance? Liftoff has different feeds for different instances and if you go to a post through an instance you don’t have an account on, you won’t be able to vote.
Just go to the homepage and select the feed from the drop-down at the top on an instance you have an account in. I used to face the same problem until I realised what’s going wrong.
Have you checked that you’re browsing from your instance? Liftoff has different feeds for different instances and if you go to a post through an instance you don’t have an account on, you won’t be able to vote.
Just go to the homepage and select the feed from the drop-down at the top on an instance you have an account in. I used to face the same problem until I realised what’s going wrong.
I’m doing the same thing. I have no allegiance like I did with RiF. If one isn’t working, I’ll just move. Give them some time to work out the kinks.
Literally here posting from Connect because of constant issues with Jerboa lately.
I have four apps installed just for this. Reminds me of when I first played around with a bunch of Reddit apps before I honed in on my favorite.
I also currently have accounts on two different instances (one being kbin and one a lemmy instance) to better be able to switch to whatever features I most want (right now, Lemmy gets pretty much all the apps and has collapsible comments, so I’m leaning towards it) and also to switch between during downtime. The small size of individual instances means downtime is inevitible.
(Though I sure hope we get a better way to do this in the future – even just syncing your subscriptions is currently a pain.)
Try wefwef.app (go to this website and install it as an app/add it to your homescreen), it’s simply amazing.
As for network errors, try switching to an instance close to your house with a low ping, it’ll make a big difference. Go to https://fediverse.observer/map and select Lemmy instances.
As someone who used Reddit when it was first released, Lemmy is 10x better than Reddit v0.1 and obviously better than current Reddit.
I guess as a user I didn’t see the back-of-house tools for mods and admins, but so far Lemmy is at least competitive. There are risks with server security and threat of being hacked, along with the size of the team.
There are risks with server security and threat of being hacked
[Citation Needed]
. I’m a security professional (my day job involves auditing code). I had a look through the Lemmy source (I’m also a Rust developer) and didn’t see anything there that would indicate any security issues. They made good architecture decisions (from a security perspective).
NOTES ABOUT LEMMY SECURITY:
User passwords are hashed with bcrypt which isn’t quite as good a choice as argon2 but it’s plenty good enough (waaaaay better than most server side stuff where developers who don’t know any better end up using completely inappropriate algorithms like SHA-256 or worse stuff like MD5). They hard-coded the use of DEFAULT_COST
which I think is a mistake but it’s not a big deal (maybe I’ll open a ticket to get that changed to a configurable parameter after typing this).
I have some minor nitpicks with the variable naming which can lead to confusion when auditing the code (from a security perspective). For example: form_with_encrypted_password.password_encrypted = password_hash;
A hashed password is not the same thing as an “encrypted password”. An “encrypted password” can be reversed if you have the key used to encrypt it. A hashed password cannot be reversed without spending enormous amounts of computing resources (and possibly thousands of years in the case of bcrypt at DEFAULT_COST
). A trivial variable name refactoring could do wonders here (maybe I should submit a PR).
From an OWASP common vulnerabilities standpoint Lemmy is protected via the frameworks it was built upon. For example, Lemmy uses Diesel for Object Relational Mapping (ORM, aka “the database framework”) which necessitates the use of its own syntax instead of making raw SQL calls. This makes it so that Lemmy can (in theory) work with many different database back-ends (whatever Diesel supports) but it also completely negates SQL injection attacks.
Lemmy doesn’t allow (executable) JavaScript in posts/comments (via various means not the least of which is passing everything through a Markdown compiler) so cross-site scripting vulnerabilities are taken care of as well as Cross Site Request Forgery (CSRF).
Cookie security is handled via the jsonwebtoken
crate which uses a randomly-generated secret to sign all the fields in the cookie. So if you tried to change something in the cookie Lemmy would detect that and throw it out the whole cookie (you’d have to re-login after messing with it). This takes care of the most common session/authentication management vulnerabilities and plays a role in protecting against CSRF as well.
Lemmy’s code also validates every single API request very robustly. It not only verifies that any given incoming request is in the absolute correct format it also validates the timestamp in the user’s cookie (it’s a JWT thing).
Finally, Lemmy is built using a programming language that was engineered from the ground up to be secure (well, free from bugs related to memory management, race conditions, and unchecked bounds): Rust. The likelihood that there’s a memory-related vulnerability in the code is exceptionally low and Lemmy has tests built into its own code that validate most functions (clone the repo and run cargo test
to verify). It even has a built-in test to validate that tampered cookies/credentials will fail to authenticate (which is fantastic–good job devs!).
REFERENCES:
- Use of
DEFAULT_COST
: https://github.com/LemmyNet/lemmy/blob/050216eed97380c8c1682ba065cf5e62f0961934/crates/db_schema/src/impls/local_user.rs#L18C20-L18C32 - How actix-web stores cookies: https://docs.rs/actix-web/latest/actix_web/cookie/struct.Cookie.html
jsonwebtoken
EncodingKey: https://docs.rs/jsonwebtoken/8.3.0/jsonwebtoken/struct.EncodingKey.html
It not only verifies that any given incoming request is in the absolute correct format it also validates the timestamp in the user’s cookie (it’s a JWT thing).
This is false.
Lemmy’s JWTs are forever tokens that do not expire. They do not have any expiration time. Here is the line of code where they disable JWT expiration verification.
Lemmy’s JWTs are sent via a cookie and via a URL parameter. Pop open your browser console and look at it.
There is no way to revoke individual sessions other than changing your password.
If you are using a JWT cookie validation does not matter, you need to have robust JWT validation. Meaning JWTs should have short expiration times (~1hr), should be refreshed regularly, and should be sent in the header.
better? there is still so much subreddit not migrating here, saying it is better is just exaggeration
Seemed like this discussion was about the technical capabilities, not the user generated content. Anyway if you compare the beginning of reddit (e.g., the early days after digg’s implosion) to lemmy today, I’d bet lemmy is doing just fine on the content side too. And even leaving that aside, there’s a quality over quantity aspect in the discussions that heavily leans in lemmy’s favor.
Somewhat agree, but don’t get me started on a Gimp. To think that gimp was build to be a tool analogous to Photoshop (PS) is naive. It was born to demonstrate GTK GUI widgets and to check boxes on feature list (of supposedly paint program analogous to PS) from programmers perspective at most. Ok, they did the thing, checked the boxes, used all widgets, demonstrated that it works and from that day on it had and still has totaly inneficient workflow compared to PS and nobody cares about that. Answer to sugestions is almost always half assed, apple soused - you are holding it wrong, we are not PS. :)
My 2 cents, you can learn Gimp, you can adjust yourself to it, but if you have ever worked on PS and were good at it (with all its workflow, shortcuts, up to the level where you work one hand on keyboard, having most toolboxes hiden out of your view, etc…) you’ll still feel gimpy. It’s like comparing of giving commands to the gnome with an axe versus to an elf with a whole bunch of efficient specialised tools, spells and workflows – both trying to create art. I don’t use PS daily for how much, maybe >8 years and use Gimp weekly for about 12years – I say, it is still gimpy as f… And I’m programmer not a designer, designers usualy just hate it. I on another hand understant it (and it’s history) and take it as it is, as an inferior gimpy cousin of PS :)
There’s the answer I was looking for!
I watched a 3-hour Krita beginner’s tutorial (can’t remember the exact video but the narrator had a strong French accent) and he explained so many tricks and tips - hold down Ctrl to do this, hold down Shift to do another thing - that might not be intuitive from just poking around. But Krita really is the “built by artists, for artists” program once you have a keyboard & tablet config that fits one’s personal workflow.
I would have if you hadn’t already.
Though TBH if you’re a mouse user gimp might actually be better… but practically noone doing serious graphics work is using a mouse. And it’s not like in Blender where you might switch back and forth: Krita is tablet zen, make sure to read at least a bit of the manual.
There’s a plugin called PhotoGIMP to make it look like PS.
And there’s also Photopea, I used it to make my community icon.
Thanks for trying to help or give hints. I’m good as it is with what tools I use for work. Having in mind nessesity, licence or ownership costs for bussines, hardships with new team mates expectations of using or not using particular tool, learning, etc… Acceptance, it is just a last stage :)
As for PhotoGIMP – I thank for the effort the team (I cheer for them), but the pig with a lipstick is still a pig, or in this case a gimp is a gimp :) I’ve personaly been on this path for the first 2-4 years of using gimp, during the denial-anger-bargaining stages. Then decided, or just naturaly learned and arrived to accepting Gimp for as it is, as an inferiour workflow tool, partialy usefull and replaceable as soon as there is a beter tool at hand for the task. E.g. I use ImageMagic directly from bash command line (generating icons, resizing, converting formats, filling backgrounds, etc…) using my own oneliners or scripts from notes.
As for Photopea – it gives a surprisingly good online photoshoplike editor feeling. Have used it several times this year. Looks like it was made thinking about usability and workflows sanity.
Paint.NET is lovely, I used to use it a lot for simple image editing tasks, but it’s windows-only and by no means a replacement for Photoshop.
To think that gimp was build to be a tool analogous to Photoshop (PS) is naive. It was born to demonstrate GTK GUI widgets and to check boxes on feature list
GTK literally means “gimp tool-kit” GTK exists because of gimp and not the other way around. Also. Take a look at what Photoshop looked like in 1996 (around Gimp initial release), and tell me that’s nothing like the gimp. They used to be pretty similar, but their evolutions diverged. Gimp just choosed to stick with the familiar interface, even in the light of PS’ changes. Also PS had tens of millions invested in developing it. Had gimp got a tenth of those resources things would be pretty different for both projects.
You are reasoning with your own conclusion that in the context of the question about workflow efectivenes, acceptance by users, tool usefullness it does somehow matter much or in any way – was it the library created as an afterthought or a tool created as a try to use library, or both where born at the same time. :) Who cares. It demoes everything GTK has/had, it was/is clone of photohop idea and they lost it long long ago, as it is now much less efective in it’s workflows. If it was otherwise, the industry standard would be Gimp, but it is just a gimmics of it.
P.S. I’m 100% linux user, my servers linux, my desktop linux, my phone android (ok, that is halfassed linux :) ), my tools and software used, if and then possible, all are opensource and/or free. And still, after many years beeing totaly in FOSS enviroment, I just can’t deny the worfly earned pedestal to Photoshop in its area of expertise. That is not to say that Gimp is somehow bad, by me it’s just a remote next, and it doesn’t even try to run to the same direction :) and it is his choise.
I feel also that gimp as a default for linux sucks. As someone that does not edit photos and just wants to edit some screenshot or make a shitty meme I want a default paint alternative. I’m amazed that it was only when I used mint that the void left by paint was filled with “drawing”
I’ve always used gimp and never found it confusing or very irritating. Not necessarily pretty. Whenever I checked out alternatives I went back to gimp.
I am a reddit refugee and just down for fun ride on the bleeding edge. I am finding a lot of the same communities here and I am happy that Lemmy is here to fill the void.