Piefed admin settings that allow to enable or disable content filters (they are disabled by default, see body for details)
-
arbitrary
You mean the Javascript that would need to be written and added by the instance admin? Something that any admin with infra access could do anyway? Hardly seems arbitrary at all. ACE usually means something not intended.
Well, just copy and pasted rather than written. I would have hoped that infra read-level permission, infra write-level permission and admin interface permissions were all separate to begin with, even if the person who spun up the instance obviously has all three.
You do need a level of trust in an admin, of course, but wide open text boxes for putting in code are a questionable system design choice, in my opinion. It adds an extra point of possible entry that then relies on the security of the overall admin interface instead of limiting it to what should require highest level infra admin permissions to access. And if it is something that would be limited to someone who has those, then what is the actual utility of having a textarea for it in the first place?
-
arbitrary
You mean the Javascript that would need to be written and added by the instance admin? Something that any admin with infra access could do anyway? Hardly seems arbitrary at all. ACE usually means something not intended.
I too think the top commenter here hasn't quite understood what they are seeing in this picture.
-
That's an excellent question. Thought it was one of the check boxes but that one is just for adjusting reputation if post something from 4chan (ie thinks you're naughty)
-
They're just making shit up. In their mind I guess Javascript that is intentionally included by an admin to customize their instance counts as ACE. In that sense any webserver you ever browse to is capable of ACE.
Any webserver you browse is possibly capable of ACE depending on the implementation. When it starts to hold user data is when that starts to be a big concern. The more points of entry, the more that needs to be secured.
I don't have any experience with piefed admin, or any opinion on piefed itself, just too many years of web admin experience. And as soon as I see intentionally made doors that allow code input, I start to worry about how much experience the devs who made it have with web admin.
-
Those checkboxes have been there since version 0.9. Ages.
The problem with grabbing small snippets of code is a lot of context is lost. Don't trust anyone who does that. PieFed has 50,000 lines of code so anyone showing you 50 lines is leaving out 99.9% of the picture.
As I said a month ago, anyone with honest questions about how things work who wants to make PieFed better knows where to find us. You don't have to be a coder, we need translators, designers, documentation writers, bug reporters, community evangelists and all that.
The 99% of the code does not deal with keeping Shadow Profiles on netizens and punishing them (as well as misinforming them about what's going on). This 50something lines, does, and thus is a weighed key on which to judge the subject.
, we need [โฆ] community evangelists
What will they be commenting to the public on the CCP-like thing?
-
Wait what? I read in other threads the code was bad, not I didn't think it'd be this bad.
As others have pointed out, it does still require (with some caveats about the infra setup) the user to be an admin. But if someone manages to get in to the interface, or another person is granted admin access who shouldn't have been, it makes it more risky than it needs to be. It also for me is a design choice that indicates other parts of the system should be carefully examined for how they're handling and sanitizing input.
-
Edit about the 4chan image blocking, I asked Rimu directly:
I wrote a long message about how that checkbox only notifies about federated posts.
So the difference is for local posts it blocks the creation of the post entirely, but for federated posts it just notifies the admin.
https://chat.piefed.social/#narrow/channel/3-general/topic//near/10529
--
Original message:A few people in the other thread assumed that it was required to fork the code to disable those filters. That's not the case, the filters can be configured, and are off by default.
To hide the reputation system, here's a line of CSS that admins can add in the admin area to hide it for every user
That CSS line can also be used by any user wanting to hide the score at the user level.
It's as if someone saw a federated social media codebase that enabled the free movement of users and expression online and though, "someone should fix that".
It isnt that the codebase 'forces' moderation decisions - it's that it's undoing the work done in the lemmy codebase to flatten moderation across instances and make them transparent, and introducing arbitrary metrics that can be used to limit the visibility of expression not just on the local instance but across many
You're free to use whatever software on your server you like, but IMO these 'filters' are petty, low-effort workarounds to features in the lemmy codebase that are what make it truely democraticand decentralized, and they degrade the health of the entire federated network by extension.
-
To be clear, defederation has nothing whatsoever to do with PieFed.
Defederation happens on Lemmy, Mastodon, Friendica, Pixelfed, nodeBB, and every other type of software across the entire Fediverse. It is even an absolutely crucial tool to prevent CSAM which depending on the locality of the affected instance could get it shut down and potentially the instance owner exposed to actual criminal charges. (There are other ways, but typically defederation is the easiest.)
Likewise, lemmy.ml famously censors what they consider cusswords on their instance - with a hard-coded list even, iirc, at least it was at one time, years ago - but then after much outcry this censorship was made optional in the code.
So defederation is a reason to not join an instance in favor of some other one, but has nothing to do with wanting to either avoid or preferentially pick an instance running PieFed. In fact the opposite is true, as the PieFed software allows additional options beyond simply federate vs. defederate, allowing instance admins choices between those two extremes. This finer granularity is so helpful! e.g. the PieFed.zip instance blocks Hexbear.net by default for new users, but explains how to remove that, thereby offering hexbear as opt-in content, rather than having to choose between treating it identically the same as all other instances or else cutting it out entirely.
PieFed also allows notes to be placed onto content, which is particularly helpful for places such as Beehaw where their stated ToS differs from the usual across the rest of the Threadiverse.
In fact I am not aware of any particular reason to avoid running PieFed, but anyway even presuming that such exists, defederation is definitely not among them.
In fact I am not aware of any particular reason to avoid running PieFed, but anyway even presuming that such exists, defederation is definitely not among them.
The injection of the developers biases into the software, the misleading error messages, and the block behavior behaving like a shadow ban are more than enough reasons to not touch the software.
-
The 99% of the code does not deal with keeping Shadow Profiles on netizens and punishing them (as well as misinforming them about what's going on). This 50something lines, does, and thus is a weighed key on which to judge the subject.
, we need [โฆ] community evangelists
What will they be commenting to the public on the CCP-like thing?
"Shadow profiles"? Huh?
-
It's as if someone saw a federated social media codebase that enabled the free movement of users and expression online and though, "someone should fix that".
It isnt that the codebase 'forces' moderation decisions - it's that it's undoing the work done in the lemmy codebase to flatten moderation across instances and make them transparent, and introducing arbitrary metrics that can be used to limit the visibility of expression not just on the local instance but across many
You're free to use whatever software on your server you like, but IMO these 'filters' are petty, low-effort workarounds to features in the lemmy codebase that are what make it truely democraticand decentralized, and they degrade the health of the entire federated network by extension.
There's never going to be parity of administration philosophies across all instances regardless of tools. Some will use word filters. Some will hold very strong opinions on 4chan culture. Some will block new community creation for members. Some will force account age limits to interact on locally hosted communities (i've seen this in the modlog).
-
Yeah. You know, Shadow Profiles? Datasets on users collected for the purpose of control and manipulation, basically the equivalent to back when McCarthynism and the FBI had a "dossier" on you. It's not even that old, Facebook was caught doing it in a big scandal and pretty much every corporate since then (Reddit uses it for shadowbanning Fediverse mentions, etc).
-
Yeah. You know, Shadow Profiles? Datasets on users collected for the purpose of control and manipulation, basically the equivalent to back when McCarthynism and the FBI had a "dossier" on you. It's not even that old, Facebook was caught doing it in a big scandal and pretty much every corporate since then (Reddit uses it for shadowbanning Fediverse mentions, etc).
That's not what's being done at all here. It's not that deep. It's just a number based on downvotes received/given.
-
Any webserver you browse is possibly capable of ACE depending on the implementation. When it starts to hold user data is when that starts to be a big concern. The more points of entry, the more that needs to be secured.
I don't have any experience with piefed admin, or any opinion on piefed itself, just too many years of web admin experience. And as soon as I see intentionally made doors that allow code input, I start to worry about how much experience the devs who made it have with web admin.
Booo. Here I was hoping for something serious to spice up the news and it just turns out it's "it runs on a browser".
-
Sounds like these settings are very reasonable to have turned on. Although I would be cautious of how the "4chan" filter is implemented, it sounds easy to overdo.
it ocr's the image and checks if it contains a long number and the word "anonymous".
yes really
-
So what is the lowering reputation part. Are the mods grading your posts and then reducing their visibility?
I was a bit put off with the de federating from some of the other communities, but I had contact with one that I had to admit really needs to be de Federated from. Hexbear, chapotraphouse. Never had s problem with the .ml or whatever.
But I noticed some remove the word cunt too, which is a dealbreaker for me.
If you get reported or post a hot take, admins can look at your karma to see if your takes are usually hot, and at how often you tend to upvote vs downvote. They don't have to do anything with that information, it's just to help them tell if a user is controversial
-
It's as if someone saw a federated social media codebase that enabled the free movement of users and expression online and though, "someone should fix that".
It isnt that the codebase 'forces' moderation decisions - it's that it's undoing the work done in the lemmy codebase to flatten moderation across instances and make them transparent, and introducing arbitrary metrics that can be used to limit the visibility of expression not just on the local instance but across many
You're free to use whatever software on your server you like, but IMO these 'filters' are petty, low-effort workarounds to features in the lemmy codebase that are what make it truely democraticand decentralized, and they degrade the health of the entire federated network by extension.
Tolerating intolerance doesn't make a community more tolerant. We need good mod tools to remove authoritarians from our communities.
I really want a Xitter filter so I can prevent screenshots from the Nazi website from showing up on our website. Because I think Xitter is worse than 4chan.
-
Well, just copy and pasted rather than written. I would have hoped that infra read-level permission, infra write-level permission and admin interface permissions were all separate to begin with, even if the person who spun up the instance obviously has all three.
You do need a level of trust in an admin, of course, but wide open text boxes for putting in code are a questionable system design choice, in my opinion. It adds an extra point of possible entry that then relies on the security of the overall admin interface instead of limiting it to what should require highest level infra admin permissions to access. And if it is something that would be limited to someone who has those, then what is the actual utility of having a textarea for it in the first place?
Oh, I love it. So much freedom to customise our instance without having to rebuild the Docker image or fork the codebase.
-
Booo. Here I was hoping for something serious to spice up the news and it just turns out it's "it runs on a browser".
Sorry, pal. It's a good software.
-
-
Booo. Here I was hoping for something serious to spice up the news and it just turns out it's "it runs on a browser".
I'm not a spice merchant, and most exploits rarely involve a single step. This screenshot is just a system design red flag.
You're free to examine the repo yourself and find your own spice, my 5 min look tells me that piefed needs to expend a significant amount of effort on infosec to maintain user trust in the longer term.
