Is there, or is there going to be, a way to "follow" Lemmy users apart from subscribing to communities?

Title. Just curious if there's any workarounds (like external hosting or linking to Pixelfed albums), or any solutions on the horizon, since I haven't seen any posts about it, at least not recently.

Hi fellow admins,

Just wanted to share a quick tip about reducing server load.

Before implementing these Cloudflare rules, my server load (on a 4-core Ubuntu box) was consistently between 3.5 and 4.0. Now, it's running much smoother, around 0.3 server load.

The best part? It only took 3 rules, and they all work with the Cloudflare free plan.

The order of the rules are important, so please pay attention.

Allowlist

This rule is set first in order to avoid friction with other fediverse servers and good crawlers. Use the action Skip

(http.user_agent contains "Observatory") or

(http.user_agent contains "FediFetcher") or
(http.user_agent contains "FediDB/") or
(http.user_agent contains "+fediverse.observer") or
(http.user_agent contains "FediList Agent/") or

(starts_with(http.user_agent, "Blackbox Exporter/")) or
(http.user_agent contains "Lestat") or
(http.user_agent contains "Lemmy-Federation-Exporter") or
(http.user_agent contains "lemmy-stats-crawler") or
(http.user_agent contains "lemmy-explorer-crawler/") or

(starts_with(http.user_agent, "Lemmy/")) or
(starts_with(http.user_agent, "PieFed/")) or
(http.user_agent contains "Mlmym") or
(http.user_agent contains "Photon") or
(http.user_agent contains "Boost") or
(starts_with(http.user_agent, "Jerboa")) or
(http.user_agent contains "Thunder") or
(http.user_agent contains "VoyagerApp/") or

(cf.verified_bot_category in {
    "Search Engine Crawler"
    "Search Engine Optimization" 
    "Monitoring & Analytics"
    "Feed Fetcher"
    "Archiver"
    "Page Preview"
    "Academic Research"
    "Security"
    "Accessibility"
    "Webhooks"
  }
  and http.host ne "old.lemmy.eco.br"
  and http.host ne "photon.lemmy.eco.br"
) or

(http.user_agent contains "letsencrypt"
  and http.request.uri.path contains "/.well-known/acme-challenge/"
) or

(starts_with(http.request.full_uri, "https://lemmy.eco.br/pictrs/") and 
  http.request.method eq "GET" and not 
  starts_with(http.user_agent, "Mozilla") and not 
  ip.src.asnum in {
    200373 198571 26496 31815 18450 398101 50673 7393 14061
    205544 199610 21501 16125 51540 264649 39020 30083 35540
    55293 36943 32244 6724 63949 7203 201924 30633 208046 36352
    25264 32475 23033 31898 210920 211252 16276 23470 136907
    12876 210558 132203 61317 212238 37963 13238 2639 20473
    63018 395954 19437 207990 27411 53667 27176 396507 206575
    20454 51167 60781 62240 398493 206092 63023 213230 26347
    20738 45102 24940 57523 8100 8560 6939 14178 46606 197540
    397630 9009 11878 49453 29802
})

1. The User Agent contains the name of known Fediverse crawlers, and monitoring tools (e.g., "Observatory", "FediFetcher", "lemmy-stats-crawler").
2. The User Agent contains the name of known Lemmy mobile and frontends (e.g., "Jerboa", "Boost", "VoyagerApp").
3. The request comes from Cloudflare-verified bots in specific categories (like "Search Engine Crawler" or "Monitoring & Analytics") and is not targeting the specific hosts "old.lemmy.eco.br" or "photon.lemmy.eco.br" where I host alternative frontends.
4. The request is a Let's Encrypt challenge for the domain (used for SSL certificate renewal).
5. The request is a specific type of GET request to the "pictrs" image server that does not come from a standard web browser (a User Agent starting with "Mozilla") and does not originate from a list of specified Autonomous System Numbers (ASNs), this ASNs are all from VPSs providers, so no excuse for browsers UA.

Blocklist

This list blocks the majority of bad crwalers and bots. Use the action Block

(cf.verified_bot_category in {"AI Crawler"}) or

(ip.src.country in {"T1"}) or 

(starts_with(http.user_agent, "Mozilla/") and 
http.request.version in {"HTTP/1.0" "HTTP/1.1" "HTTP/1.2" "SPDY/3.1"} and 
any(http.request.headers["accept"][*] contains "text/html")) or

(http.user_agent wildcard r"HeadlessChrome/*") or

(
  http.request.uri.path contains "/xmlrpc.php" or
  http.request.uri.path contains "/wp-config.php" or
  http.request.uri.path contains "/wlwmanifest.xml"
) or

(ip.src.asnum in {
    200373 198571 26496 31815 18450 398101 50673 7393 14061
    205544 199610 21501 16125 51540 264649 39020 30083 35540
    55293 36943 32244 6724 63949 7203 201924 30633 208046 36352
    25264 32475 23033 31898 210920 211252 16276 23470 136907
    12876 210558 132203 61317 212238 37963 13238 2639 20473
    63018 395954 19437 207990 27411 53667 27176 396507 206575
    20454 51167 60781 62240 398493 206092 63023 213230 26347
    20738 45102 24940 57523 8100 8560 6939 14178 46606 197540
    397630 9009 11878 49453 29802
  }
  and http.user_agent wildcard r"Mozilla/*"
) or

(http.request.uri.path ne "/robots.txt") and 
((http.user_agent contains "Amazonbot") or
  (http.user_agent contains "Anchor Browser") or
  (http.user_agent contains "Bytespider") or
  (http.user_agent contains "CCBot") or
  (http.user_agent contains "Claude-SearchBot") or
  (http.user_agent contains "Claude-User") or
  (http.user_agent contains "ClaudeBot") or
  (http.user_agent contains "FacebookBot") or
  (http.user_agent contains "Google-CloudVertexBot") or
  (http.user_agent contains "GPTBot") or
  (http.user_agent contains "meta-externalagent") or
  (http.user_agent contains "Novellum") or
  (http.user_agent contains "PetalBot") or
  (http.user_agent contains "ProRataInc") or
  (http.user_agent contains "Timpibot")
) or

(ip.src.asnum eq 32934)

1. The request comes from Cloudflare-verified "AI Crawler"s.
2. The request originates from a Tor exit node (country code "T1"), it is a Tor heavy tier.
3. The request uses a Mozilla browser User Agent with an older HTTP version and accepts HTML content, in 2025 it is super weird, all bots.
4. The User Agent is HeadlessChrome, hence bot.
5. The request path targets common WordPress vulnerability endpoints (/xmlrpc.php, /wp-config.php, /wlwmanifest.xml).
6. The request originates from a specific list of Autonomous System Numbers (ASNs) and uses a Mozilla User Agent. Again, more bots.
7. The request is not for /robots.txt and the User Agent contains the name of known crawlers or bots (e.g., "GPTBot", "Bytespider", "FacebookBot").
8. The request originates from Autonomous System Number 32934 (Facebook).

Challenge

This one is to protect the frontends, I added some conditions in order to not make logged users verify with cloudflare. Normally a crawler won't have an user account. Set the action to Managed Challenge.

(http.host eq "old.lemmy.eco.br" and not len(http.request.cookies["jwt"]) > 0)

or (http.host eq "photon.lemmy.eco.br" 
  and not len(http.request.headers["authorization"]) > 0 
  and not starts_with(http.cookie, "ph_phc"))

or (http.host wildcard "lemmy.eco.br" 
  and not len(http.request.cookies["jwt"]) > 0 
  and not len(http.request.headers["authorization"]) > 0 
  and starts_with(http.user_agent, "Mozilla") 
  and not http.referer contains "photon.lemmy.eco.br")

or (http.user_agent contains "yandex"
  or http.user_agent contains "sogou"
  or http.user_agent contains "semrush"
  or http.user_agent contains "ahrefs"
  or http.user_agent contains "baidu"
  or http.user_agent contains "python-requests"
  or http.user_agent contains "neevabot"
  or http.user_agent contains "CF-UC"
  or http.user_agent contains "sitelock"
  or http.user_agent contains "mj12bot"
  or http.user_agent contains "zoominfobot"
  or http.user_agent contains "mojeek")

or ((http.user_agent contains "crawl"
  or http.user_agent contains "spider"
  or http.user_agent contains "bot")
  and not cf.client.bot)

or (ip.src.asnum in {135061 23724 4808}
  and http.user_agent contains "siteaudit")

1. A request to the host "old.lemmy.eco.br" that does not have a "jwt" cookie.
2. A request to the host "photon.lemmy.eco.br" that lacks both an "Authorization" header and a cookie starting with "ph_phc".
3. A request to any subdomain of "lemmy.eco.br" that lacks both a "jwt" cookie and an "Authorization" header, uses a Mozilla User Agent, and does not have a referrer from "photon.lemmy.eco.br".
4. The User Agent contains the name of a specific crawler, bot, or tool (e.g., "yandex", "baidu", "python-requests", "sitelock").
5. The User Agent contains the words "crawl", "spider", or "bot" but is not a verified Cloudflare-managed bot.
6. The request originates from specific Autonomous System Numbers (135061, 23724, 4808) and the User Agent contains the word "siteaudit".

All these are heavily inspired by this article: https://urielwilson.com/a-practical-guide-to-custom-cloudflare-waf-rules/

Please let me know your thoughts.

This has nothing to do with a vendetta against certain people downvoting one of the USSR's greatest composers

I know that many people don't like complex or intransparent recommendation algorithms.

Currently, there are "subscribed", "local" and "all" categories (at least in the default lemmy web UI).

I would like to change this to include custom topics ("listings"). They are a custom way of choosing content (in case of Lemmy listings). In Lemmy, custom listings appear just like standard listings (API-wise), just that instead of "https://discuss.tchncs.de/?dataType=Post&listingType=Subscribed&sort=Active" you have "https: //discuss.tchncs.de/?dataType=Post&listingType=list:AAAA4865698@lemmy.world&sort=Active" or something.

Listings could either be lists of communities and other listings. Consider this simple text file to describe a listing for a memes-topic: (that contains 2 communities, everything on 1 domain, and another sub-listing)

c:memes@lemmy.world
c:memes@lemmy.ml
domain:memes.net
list:AAAA4865698@lemmy.world

Or they could take their data from an RSS stream or similar external source.

Liz is a Linux enthusiast. She uses Linux as her only operating system for the last two decades, and she is very knowledgeable about it. She is keen to help other Linux new-comers solve issues they run into frequently.

Liz opens !linux@lemmy.ml today and comes across yet another post about a potential new Linux user trying to choose his distro. After ten minutes reading through his post, she finds out that he is only trying to run AAA games on the computer. Liz opens up an identical question she just answered yesterday, and pastes the answer over to the new post.

Liz wasted ten minutes on this post and she is now depressed about it. Liz has the ability to contribute to the community on a deeper level but she cannot do that except she reads through every post first.

Tom is a fellow Linux expert and he feels the same way lately. Coincidentally, Tom and Liz both wasted ten minutes on the same, generic question about choosing a Linux distro.

Hypothesis: If Liz has a way to notify Tom about that post, Tom would have saved ten minutes. Imagine that both Liz and Tom put up a tag on that post for others to see, countless other experts would have saved countless minutes.

As a subscriber of a community which has broad topic selections, I want to tell other viewers that which kind of post this post is, and also know the kind of post before I even read into it, so that everybody saves some time.

1. Lack of granular privacy / profile control

   • “The lack of privacy controls … our profiles are public, and all our posts and comments are visible to anyone.” (lemmy.toot.pt)
   • Users cannot choose who sees their profile history, comments, or posts.

2. Poor content discovery / lack of niche communities / limited diversity

   • “The platform lacks all the communities … There are no communities for games or music or sports or hobbies or movies or anything.” (Reddit)
   • “Not nearly enough people to cover all the niche interest communities that Reddit does.” (szmer.info)

3. Fragmentation across instances / duplication of communities

   • “Multiple communities dedicated to the same thing across multiple instances … causes confusion …” (Popcar's Blog)
   • “There are duplicate communities: every instance seems to have their own version of each community.” (Reddit)

4. Bad User Experience (UX) / usability issues

   • “Lemmy is losing so many potential new users because the UX sucks for the vast majority of people.” (NodeBB Community)
   • “Simply using them is confusing … accessing remote subs is a complete train wreck.” (Reddit)

5. Performance / reliability / scaling problems

   • “Slow and unreliable” is listed among cons. (Slant)
   • “Servers go down … syncing/federation issues.” (Android Authority)

6. Moderation, safety tools, and content-quality issues

   • “Moderation tooling is not adequate for removing illegal content from servers.” (We Distribute)
   • Users report low content quality (memes, shitposts, agenda memes) instead of high-value discussions: > “The politics is always … or it’s toxic American hyper-partisan … The memes aren’t any better.” (Reddit)

7. Search and archive weak/incomplete

   • “Search sucks … Lemmy isn’t.” (szmer.info)
   • Lack of long-tail content archive.

8. Over-representation of particular content types (US-news, memes, agenda posts) and low content-quality

   • Users note: heavy US-centric news, lots of meme posts, little local news/events or regional content.
   • While I didn’t find direct sources for exactly “too much US news / no local events”, the broader complaint of “lack of niche interest/hobby/sports” covers this. (Reddit)

It's not really the previously banned users that are the problem. It's that the real heart and soul of Lemmy is c/2real4meirl or whatever - ie, depression memes.

Reddit initially became popular because it was fun and interesting. Lemmy has picked up some of the old reddit crowd by being a bit more tech focused - but for the most point the links and comments posted are doom and gloom. Either AI is taking all our jobs, or its a huge scam. The world is run by evil capitalists who personally want you, in particular, to have a meaningless and miserable life. But don't worry, because we, the proletariat, will overthrow them in a violent revolution... just as soon as we stop doom scrolling and crying in bed - haha, amiright guys?

Nothing about this is fun or interesting. It is bitter, angering, and depressing. That is what drives people away.

https://lemmy.world/comment/20046325

When you quote a block of text only the first paragraph gets quoted.

cross-posted from: https://reddthat.com/post/53555823

How would I build a Python bot that automatically reposts or highlights statistically outlier posts from my Lemmy subscriptions—like anything more than one standard deviation above the average? I’m looking for a general approach covering data retrieval from the Lemmy API, outlier detection, and reposting mechanics.

Hello! I'm an admin on ttrpg.network. Recently, our hosting provider let us know that they are going out of business. I'm trying to find a new provider to migrate to.

A little bit of information, i would like:

1. Not to self host - I travel a lot for work, and i can't guarantee that my home internet/server is always available.

2. Prefer a managed service if possible - Again, due to the above, if something goes wrong while i'm out of town, I might not have time to troubleshoot issues for a week or more.

My current service is a managed service, so I can open tickets if something goes wrong and have their support team look in to it. Googling, the only other service i can find that has managed services is elest.io, which mostly just looks like a wrapper for services like AWS and others, and the server configurations look like they might get pretty pricey to get anything near comparable.

Currently, our instance uses around ~1 TB of data after backup and everything is included, and we have a 4TB quota at our current host, 8 GB of ram, and I'm not entirely sure of the CPU or anything. All for around ~$25 USD/month.

Does anyone have any recommendations?

Currently, "bold" and "italic" markup doesn't actually output bold and italic text (semantically); instead, it outputs strongly emphasized (<strong>) and emphasized (<em>) text. This is completely wrong and semantic markup abuse, since we can't guarantee that bold text will only be used for strong importance or that italic text will only be used for emphasis. HTML output for this markup should be changed to general-purpose elements (i.e. *%text%* (_%text%_) should be <i>%text%</i>, not <em>%text%</em>, and **%text%** (__%text%__) should be <b>%text%</b>, not <strong>%text%</strong>).

I don't know if it's just me, but it feeks like there's been more spam posts than usual on Lemmy this October. Especially in instances like lemmy.world, lemdro.id, and others.

For example, this week, there has been a 3-day-old account on lemmy.world with over 480 posts. I also refreshed my feed today to find a <1 day old account from lemy.lol just posting Perplexity affiliate links to various places. I've blocked like 10 accounts in the past week alone for this reason.

With affiliate links I kind of understand the motivation. However, for non-promotional spam, upvotes on Lemmy aren't valuable in the same way that it is on Reddit, and there's no real value to an account with a lot of karma.

Is it just me that's noticed this increase? Does anyone know why this might be happening just now?

With so many filters: active, hot, scaled, top, new, old, controversial, comments, replies which one do you prefer to browse lemmy with? and do you only read your subscribed sublemmies or globally? Maybe you even use rss

Sorry for the alarming title but, Admins for real, go set up Anubis.

For context, Anubis is essentially a gatekeeper/rate limiter for small services. From them:

(Anubis) is designed to help protect the small internet from the endless storm of requests that flood in from AI companies. Anubis is as lightweight as possible to ensure that everyone can afford to protect the communities closest to them.

It puts forward a challenge that must be solved in order to gain access, and judges how trustworthy a connection is. For the vast majority of real users they will never notice, or will notice a small delay accessing your site the first time. Even smaller scrapers may get by relatively easily.

For big scrapers though, AI and trainers, they get hit with computational problems that waste their compute before being let in. (Trust me, I worked for a company that did "scrape the internet", and compute is expensive and a constant worry for them, so win win for us!)

Anubis ended up taking maybe 10 minutes to set up. For Lemmy hosters you literally just point your UI proxy at Anubis and point Anubis to Lemmy UI. Very easy and slots right in, minimal setup.

These graphs are since I turned it on less than an hour ago. I have a small instance, only a few people, and immediately my CPU usage has gone down and my requests per minute have gone down. I have already had thousands of requests challenged, I had no idea I was being scraped this much! You can see they're backing off in the charts.

(FYI, this only stops the web requests, so it does nothing to the API or federation. Those are proxied elsewhere, so it really does only target web scrapers).

I've been trying Lemmy for a little while and wasn't sure how to feel about it.

Today, I wanted to start blocking the most high-censorship instances until I could find a fully zero-censorship instance and simply block all the ones with censorship. Filter bots, not people.

When I looked into it further, I found out there are no zero-censorship instances, because Lemmy relies on a broken "federation" system where each instance is supposed to be able to fetch posts from other instances, but it's never been finished to reach a fully working state. Lemmy's official docs say you can't even do federation over Tor at all. This means it uses DNS, so it won't actually allow Lemmy instances to fetch posts from each other freely, it just gets blocked instantly and easily, every time the authorities feel like blocking anything.

So you can only ever have the "average joe lemmy" and "average joe reddit" with everything approved by the authorities, and then "tor copies of lemmy" and "tor copies of reddit" where you have free speech but you can only reach other nerds.

People seem to think Lemmy is different because this weird censorship fetish is extremely popular and most of you are happy to see bans happen to certain people, not just bots, so a small Lemmy that censors certain people feels fundamentally different from a big reddit that censors more people. But it's the exact same thing, it's reddit.

When reddit was smaller, you could say basically anything you wanted there, they just wouldn't let it reach the main audience. Then it got too big, and any tiny part of the audience you could reach would be too big, so they won't let you talk at all.

Lemmy is now the small part of reddit where you can say whatever you want, separated from the main audience, until too much growth happens and you have to move again.

It's not actually a solution to reddit. It's not designed to be different, it's designed to match the past today and then match reddit's present tomorrow, while being part of a system that's about the same in past, present, and future.

Last year, this year, and next year, you're posting somewhere it won't be seen by many people, and the system that charges people for ambulance rides is getting another year of ambulance ride revenue, facing no organized resistance. There's no difference here.

Lemmy urgently needs federation between onion service instances and DNS addresses in order to actually do what most users seem to wish it would do: allow discussion outside what the corporate authorities allow, while outgrowing reddit & helping undo the damage social media has done to human communication.

Edit - I was banned from my instance, and before being unbanned, some of my comments seem to have been removed. I apologize if I hurt anyone's feelings, but it seems pointless to try to discuss this topic here. I'll give a few more replies, and then suggest any further responses be directed to me on nostr, where there are no bans. I've also had a good time posting on PieFed while I was banned, so I'll probably keep spending time there. If anyone's curious, I had a thread about this topic on PieFed too. Btw, instead of the misplaced focus on bots, I should have said filter spam, not people earlier in this post.

Jerboa's not too bad, as the URL field is the same field the link to your uploaded image ends up overwriting, but I swear I see people making this mistake every fucking day. End up posting just an image when they wanted image + link.

Apologies, as I'm sure there's proper channels for this, and open source projects tend to not have the best UIs. Just shouting into the void.

Hey everyone, I’m new here and just testing the waters. I’ve been on Reddit for years, but lately it feels like a mix of heavy-handed moderation and echo chambers where any dissenting opinion gets buried.

For those of you who’ve spent real time on Lemmy: • What do you like better here than on Reddit? • What do you miss from Reddit? • Do you feel the culture here is genuinely different, or does it eventually drift the same way?

I’m curious how people see it — especially those who made the switch after the API drama.

Piefed now generates human-readable post URLs instead of those random ID strings. This issue has been around on Lemmy for ages with no real progress from core devs. At this point, you have to wonder what the Lemmy dev team is focusing on.

Whenever I subscribe to a small but very active community, for example lefty_news@ibbit.at, my Scaled sort feed gets flooded almost entirely by posts from that one community. I thought Scaled sort was supposed to highlight outliers across all communities to prevent a single instance from dominating the feed. Is this a bug or just how it's supposed to work?

cross-posted from: https://reddthat.com/post/52170566

Curious, what are your go-to spice blends? Curry, garam masala, Cajun, or something else? Vote below!

This should show the post in a similar form to !polls@reddthat.com so people can actually go there from their instance.

Sometimes when viewing a federated, or local, post with 50+ comments I am interested in seeing comments from my instance (if there are any) first.

So there could be a toggle for that next to the comments sort options.

You join a community (instance) for a reason, and so it makes sense that you might value their comments a tad bit more by default.

And I suppose someone could use this toggle to only read top comments from their own instance. Maybe it's a political post and you don't wanna read any .world or sjw comments.

I’ve just found out that some Lemmy web interfaces let you sign in with multiple accounts and switch between them easily. Is there any client that can show notifications from all accounts at the same time, so I don’t need to switch back and forth?

I’ve checked out Voyager, Photon, Alexandrite, and Tesseract. They all seem quite similar to me. Which one would you recommend?

Right now, Lemmy only lets you pick one language to see and forces you to manually choose a language every time you post. Because of that, most posts end up marked as “undetermined,” so filtering by language hides most content.

It would make more sense if:

• You could set multiple preferred languages to view posts and comments.
• You could set a default posting language instead of picking it every time.
• The initial language settings were auto-filled based on browser or system language.

This would make the language functionality much more useful.

I just started using the Summit app for a day and realised now I involuntarily downvoted quite a few comments conviced I was upvoting them, fooled by the color of the swipe action (I didn't look at the arrow showing up until now) and wanted to remediate even if it's pretty inconsequential.
Another option if ths one isn't really possible, how to browse my read posts, at least I'd be able to find the discussions I had read through