Outpost Home

It's update time again!

The Outpost has been successfully updated to Lemmy 0.18.4, the most notable change in this release is that the "View Context" button should now be resolved, allowing you to for example see your original reply when you receive a notification that someone replied to your comment.

That same fix should apply to mobile applications as well, and shouldn't require updates on those apps (assuming the functionality worked in those apps before 0.18.3).

As always, I'll keep this post pinned for 24 hours or so, just for visibility and in case anyone experiences any potential issues that crop up.

Hello folks!

This is just a quick post to notify everyone that The Outpost has been updated to Lemmy 0.18.3 - just like the last couple of releases, I wanted to get it out as quickly as possible (while also giving it enough time to make sure there were no show stopping bugs, release was just barely over 24 hours ago) since it includes some nice optimizations.

Some of those nice optimizations include:

• Security improvements
• SQL query optimizations (which should lead to better and more consistently stable response times hopefully)
• Fixes to the post rank calculations (should resolve random 1 month+ old posts from showing up in the "Hot" / "Active" feeds)

So far everything looks good, but if you happen to see anything that looks out of place please don't hesitate to let me know!

Are you a fan of good-looking graphs? We've got them!

Hello everyone! A couple of weeks ago I made a tool for Lemmy instance admins to export statistics from a Lemmy Postgres database over to InfluxDB, which is a database that specializes in time-series based data. The idea being to allow people to track stats about their instance (such as the amount of comments, posts, etc that it knows about) over time.

I've put together a Grafana instance for The Outpost, and a dashboard is available here to allow everyone to get an overview on how things are looking over here. I try to be as transparent as possible when providing services that others use, so I have no problem with this being public.

There is no sensitive data, the InfluxDB source itself only has totals/counts - for example, it "knows" how many comments have been made by people on this instance, but it doesn't know who made those comments. That data is only known to Lemmy itself, and its own database which cannot be connected to from the outside world.

I also do not mind the dashboard link being passed around to others, which probably doesn't need to be explicitly stated for obvious reasons (if its on the internet, its already public by nature of the internet) but I figured I'd do so just in case!

The metrics at the top section (labeled "Extras") should be taken with a grain of salt, as I'm definitely not a statistics expert so putting those functions together to get that data is purely a "best guess" at how to calculate those (more so the second row - "Rate of Incoming Comments", and "Avg # of New Comments/Posts Every 5m" as the heatmaps are pretty easy and self-explanatory to put together).

For some reason the breakdown charts under the Registration section don't render correctly on the public/unauthenticated version of the dashboard (along with the "nice" labels I've set on all of the graphs on that page) but they're just pie charts of the user/email overview charts that they are right next to. Public Dashboards in Grafana are considered a beta feature so I suspect its just a bug.

Just to make sure the backend metrics database doesn't get inadvertently slammed, the unauthenticated version of the dashboard is set to only auto-refresh every 5 minutes but manually refreshing the page will pull updated versions of all the stats in case you're curious about how it changes on a minute basis (the data is only exported from Lemmy->Influx every minute, so refreshing the page every 30 seconds for example won't really have any effect).

I also have totally not spent a large amount of time having this dashboard open on my second monitor just watching the numbers, colors, and graphs change - that would be silly! It would also be incredibly silly for me to encourage you to do the same thing!

I'll skip pinning this post as its not really a critical announcement, but nonetheless if you have any questions about this I'm happy to answer them for you!

First things first, this instance has not been affected by the cross-site scripting exploit that has impacted a few of the larger instances - just wanted to quell any potential sources of panic.

TL;DR for the rest of the post - we're not impacted by this issue, but just as an added precaution everyone has been signed out and you'll need to sign back in.

This exploit appears to be coming from Lemmy's Markdown parser when handling custom emojis - we do not have any here. Custom emojis from remote/federated instances do not seem to trigger the issue either.

That being said, since this exploit was using custom emojis as a way of hijacking gathering JWTs to then be able to login on behalf of others, I've force expired all login sessions across the instance as an added precaution. This impacts both the standard web interface, and any mobile/third party apps that use the Lemmy API.

If you're reading this after logging back in, you're good to go - some mobile apps may not properly notify you however that you're not logged in since not all API actions require authentication (for example, the API wouldn't require auth to access this post) and thus may not re-prompt you.

I'd recommend just logging out of any mobile apps you were signed into, and then log back in, which will generate a new token and prevent you from getting not_logged_in errors when you do finally try to perform an action that requires authentication (such as viewing your inbox, or casting votes).

Additionally, as of the time of current writing, Beehaw is offline from their end so if you're subscribed to any of their communities you won't see updates from that community at all (in terms of new comments, posts, votes, etc) until they come back online - any content that our instance already knows about of course is still available, but if you try to reply to one your comment won't be visible on their side.

I'll be watching the various instance admin groups for updates on this issue, and I see there is already a pull request opened against Lemmy-UI (the frontend for Lemmy) to fix the root issue. As soon as a release is provided with the patch I'll do another immediate upgrade to as well.

If anyone has any questions, please don't hesitate to let me know - apologies if you're like me and have 7 different Lemmy apps downloaded that need to all be re-signed into 😅

Hello all!

As a heads up, I've gone ahead and processed a rollout of Lemmy 0.18.1 which was just released.

Generally, for updates I like to create a maintenance window a couple of days ahead of time and communicate this, just in case something were to go wrong then no one is left in the dark as to what is happening - however, Lemmy 0.18.1 contains some very important performance and federation fixes so I felt it was best to just go ahead and upgrade ASAP.

Of course, the VM that this instance runs on is backed up automatically every day twice, and I always take a backup right before making any changes as well.

Backups are taken as snapshots of the whole VM, but snapshots can be a bit slow to restore due to the time it takes to pull the VM's storage from my backups server (which is in the same datacenter but there are still other factors that impact the time it takes to read->stream/transmit->write the backup back onto the VM) so in the case of a restore being needed, performance would most likely experience some degradation and is also time that federated data would vanish (from the period that the restore was started to the time it ended). This is why the maintenance window for upgrades is always an hour at minimum.

Thankfully, from what I understand, 0.18.0 -> 0.18.1 didn't result in too many major database changes, which is where the biggest chance for things to go wrong come from (due to database migrations not getting properly applied), but there were still some in general.

Anyways, enough rambling from me - we're all set now, but as always if you happen to see anything go wrong, please don't hesitate to let me know and I'll personally be of course looking out as well (which is why I don't do upgrades when I'm about to go to sleep!) through general usage and keeping an eye on the server logs (its amazing how fast they fly through given that every single federated action generates a new line).

I'll keep this post pinned for a couple of days just as an easy way to report any potential problems.

I came across a thread earlier that was asking others about this, and I shared how it came about for this instance, and decided that it would be a good dedicated post here in general just in case anyone is curious:

I started a habit a while back ago of naming any servers I run based off of names from Greek mythology - my primary server is Zeus but most forms of just "Zeus" in domain form are already taken. Similarly, I call the quasi-internal network that this server runs (since it's a hypervisor) "ZeusNet"...

Problem with that name is "ZeusNet.net" is redundant and would irk me, I wanted something that still ends with the .net TLD (though my personal domain ends with .network).

Thus, zeuslink.net is what I came up with given that "link" can mean "network" and the combination isn't as redundant as "...net.net"!

Funnily enough, originally my instance was originally under the colony subdomain which I quite liked... But unfortunately I didn't set things up properly due to how I have everything else setup, and I had already dipped just enough in the federation that when I reset everything so that it actually worked properly, the keys that my server identified with no longer matched which broke my ability to federate properly. Which then forced me to reset everything again under a completely different subdomain (I'm glad it was on a subdomain instead of the root domain for that reason) since Lemmy doesn't have a "self destruct" option like Mastodon has (which tells all connected instances "Hey, I'm going down - forget you knew me" as far as I understand it).

And that, is the story of how we ended up with the name "[The] Outpost" on the domain zeuslink.net!

Hello everyone!

Its almost time for another Lemmy update, this time to a fairly major release! I've held back on updating our instance here immediately just to make sure there are no ground-breaking issues, however it seems like no one is reporting any major issues with 0.18.0 which is a good sign.

Assuming nothing comes up, The Outpost will be updating to 0.18.0 on Tuesday @ 3AM UTC and a maintenance notice will be provided on the status page just like last time to provide communication of the update.

One small caveat is that the captcha will not be available in 0.18.0 (and will return in 0.18.1) which while isn't a guaranteed deterrent against bots, it is at least something. Like a good chunk of instances out there, signing up requires approval via an application which looks like this:

To verify that you are human, please explain why you want to create an account on this site (or simply, your favorite food will do as well!)

However it wouldn't exactly be that hard to tie in a LLM to provide a generated response, and there are reports of exactly that occurring already.

So, in effort to try to combat against bot/spam registrations, The Outpost will be requiring email verification in order to register for an account (which was actually already the case at the very start of this instance's lifecycle, but due to reported bugs with 0.17.3 it was disabled to make sure it wasn't preventing legitimate users from signing up / logging in).

To those who do not know why bots/spam is a bad thing aside from the obvious, it can cause harm to remote communities/instances, and that goes against one of the core rules of this instance.

That being said, anyone who has an account here has been "grandfathered in" so to speak - or in other words, all current accounts have been marked as having their email verified (and if an email wasn't originally provided, a [email protected] was filled in just to make sure Lemmy didn't "freak out" over a verified-but-blank email address).

Do note: Updating your email address will trigger re-verification as to be expected, and to my knowledge you won't be able to log back in until the new address has been verified.

At some point if there is a better alternative to combating bot/spam applications then email verification can be disabled again (thus making providing an email address optional).

For new folks who are wanting to potentially register at The Outpost (or many of the other Lemmy instances that require email verification) if you do not want to give out your main email address I'd recommend using something such as Firefox Relay (which is what I use), Apple's "Hide My Email" service, any other similar service, or even just a burner email address (you only need it to confirm your account, though it is also the only way to reset your password should you lose access to your account).

If you have any questions or concerns, please don't hesitate to let me know (via a comment, a DM, or on Matrix.

Edit: We should be all set now! I'll leave this post pinned over the next day as a "just in case" though.

Hello!

The Outpost will be undergoing maintenance to perform an update for Lemmy at 3AM UTC. The maintenance window covers an hour, though I do not expect the update will actually take that long to process.

Should any hiccups arise during this period, notes will be posted on The Outpost's status page.

Hello, World!

Welcome aboard to Lemmy and The Fediverse! I hope you enjoy your stay.

Please feel free to say hello, ask questions, or to report any issues you see.