219
submitted 1 year ago* (last edited 1 year ago) by th3raid0r@tucson.social to c/technology@beehaw.org

Look, we can debate the proper and private way to do Captchas all day, but if we remove the existing implementation we will be plunged into a world of hurt.

I run tucson.social - a tiny instance with barely any users and I find myself really ticked off at other Admin's abdication of duty when it comes to engaging with the developers.

For all the Fediverse discussion on this, where are the github issue comments? Where is our attempt to convince the devs in this.

No, seriously WHERE ARE THEY?

Oh, you think that just because an "Issue" exists to bring back Captchas is the best you can do?

NO it is not the best we can do, we need to be applying some pressure to the developers here and that requires EVERYONE to do their part.

The Devs can't make Lemmy an awesome place for us if us admins refuse to meaningfully engage with the project and provide feedback on crucial things like this.

So are you an admin? If so, we need more comments here: https://github.com/LemmyNet/lemmy/issues/3200

We need to make it VERY clear that Captcha is required before v0.18's release. Not after when we'll all be scrambling...

EDIT: To be clear I'm talking to all instance admins, not just Beehaw's.

UPDATE: Our voices were heard! https://github.com/LemmyNet/lemmy/issues/3200#issuecomment-1600505757

The important part was that this was a decision to re-implement the old (if imperfect) solution in time for the upcoming release. mCaptcha and better techs are indeed the better solution, but at least we won't make ourselves more vulnerable at this critical juncture.

you are viewing a single comment's thread
view the rest of the comments
[-] Saik0Shinigami@lemmy.saik0.com 34 points 1 year ago

You ALL have a responsibility to communicate back to lemmy devs to try to stop it.

No I don't. Stop trying to brigade people to an issue. If you have an issue with it... Fork the lemmy UI code and make your own. Or stay on pre 0.18 code.

It's one thing to bring awareness to the issue. It's another to demand that I take action on something that's not only a non-issue for me (and likely many other admins of instances) but that the devs don't have to support. You're not paying them... you're not their mother. You don't get to force them to do anything they don't want to do.

Honestly the captchas that lemmy uses are terrible anyway. https://addons.mozilla.org/en-US/firefox/addon/2captcha-solver/ You can even solve them yourself as a browser extension... There's no point to them in today's world.

[-] Rentlar@beehaw.org 7 points 1 year ago* (last edited 1 year ago)

Exactly, instance admins that want to keep CAPTCHA have two good options here:

  1. Stay on 0.17.x until 0.18.y drops that re-implements CAPTCHA satisfactorily
  2. Fork and modify lemmy to version 0.18-captcha, undo the commit removing the old Captcha code.

I totally get the project maintainers are stubborn but no one has a "responsibility to stop the devs from doing it". It reeks of open-source entitlement.

[-] th3raid0r@tucson.social 3 points 1 year ago

You won't see me making call to action posts for undelivered features or other small-fry items. I'm a dev, I get it.

But there are always times were vulnerabilities come up and a dev might not otherwise know that it's being exploited. It's one thing to have a feature to fix that vulnerability and get to it as part of your own priority list. It's another when that vulnerability is actively impacting the people using the software - that's when getting vocal about an issue is appropriate to help me alter my priorities, IMO.

[-] Rentlar@beehaw.org 3 points 1 year ago

Your concerns about security of the application and community are valid. I get that this is essentially a vulnerability that should be mitigated and fixed. Raising awareness of it is fine.

Where I take issue, I suppose you didn't entirely intend this, is that our responsibility is to put pressure on the main developers to fix the issue before the 0.18 release and dictate their priorities for them.

I would rather we discuss workarounds, mitigation steps in the interim, assist in solving the issues through Pull Requests and discussion on the issues page and forums. I just think it's a bad idea to point blaming fingers at devs for being slow to respond, or badger them to make these changes, when they are volunteering their own time to share Lemmy with us (some also maintaining Jerboa and Lemmy UI at the same time)

With the way the licensing is, I would rather the project be forked by someone that would want to fix the issue. The repo maintainers are entitled to set their own priorities, just like Lemmy instance admins are allowed to determine how they run the server.

[-] th3raid0r@tucson.social 3 points 1 year ago

Thank you for the measured take on this.

You are correct, I don't intend to pressure or cause harm! But I certainly see the results, and it is indeed pressure. As another commenter pointed out, there are many instance admins who work a bit closer to the team on the Matrix chatrooms and that's their preferred method of communication. Now that I know this, I'll let things cool down and join myself. I definitely intend to contribute where I can in the codebase, and I wouldn't dream of escalating to public pressure for smaller concerns.

However, I have a slight, and perhaps pedantic disagreement about making changes. In this case, the request was for not making a change. If it weren't for the fact that the feature was already ripped out it would be as simple as not removing it (or in this case re-working it a bit). I understand that it isn't the current reality, and that it required work to revert - and if not for a ton of spambots, I think It would've been easier to adapt.

Ultimately it will take time to discuss workarounds and help others implement them, and the deadline is ultimately the arrival of the version that drops the older captcha (or was, in this case - it's getting merged back in as we speak - might even be done now). With that reality, I had a sense that this could be an existential problem for the early Threadiverse.

I definitely didn't intend to suggest that the Devs were in any way at fault here. I read the github issues enough to come with the takeaway that a quick (relative to a new feature) reversion to the prior implementation. To me the feedback they were receiving seemed to be "Admins and devs alike are okay moving forward and opinions to the contrary are minimal, let's move forward". It was definitely intended to be a way to communicate using raw numbers (but not harassment). I'd like to think I'm fairly pragmatic in that if it IS working for folks, then that is a contrary opinion, and that it was missing.

Where I definitely failed was my overly emotional messaging. It's certainly not an excuse, but my recent autism diagnosis does at least help explain why I have an extremely strong sense of justice and can sometimes react in ways that are less than productive in some ways.

As for the licensing, I agree! I'm talking to some good friends of mine because I want to take my instance WAY further than most others - goal is a non-profit that answers to Tucsonans and residents of larger Pima county rather than someone not in the community. There's just a lot of features this concept would need that it might diverge so much from the Lemmy vision that it needs to be something new - and hopefully a template for hyper-local social networks that can take on Nextdoor.

[-] Rentlar@beehaw.org 1 points 1 year ago

I can see better where our disagreement is, and I appreciate you being reasonable about it as well. Thank you for that.

Sounds like you have some great plans coming with your Tucson social project. All the best!

load more comments (5 replies)
load more comments (12 replies)
this post was submitted on 20 Jun 2023
219 points (100.0% liked)

Technology

37728 readers
624 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS