🎉 Great news! Glad we can access past threads.

This episode has made it clear Lemmy software needs to improve in several ways to be resiliant to the problem. The possible #LemmyBug/enhancements:

① the fix was apparently not just flipping a switch— it required hacking the db, correct? Shouldn’t admins have a simple undelete button?

② what if a rogue admin had deleted the community, and perhaps even destroyed the db? In principle it should be possible to rebuild the community on a different node using data from all nodes that have data. Sometimes a whole node goes down. The plug gets pulled when funds run out. We are hosed when that happens.

③ each user’s subscriptions panel should not simply quietly cease to list the deleted community. The community name should remain and have indicators to signal issues (e.g. 💀, ⚠).

④ msgs users write are stored in their profile & responses are stored in their inbox. But this is poor organization on its own. It only serves to quickly see new msgs/reactions, but users are overly dependent on the server’s representation of the community to show threads in a coherent way. Clients should have that capability too. I should be able to click “context” on any msg and the client should be able to show me a sequence of msgs regardless of the state of the server host.

Correction-- I was just able to trace back to see how I figured out what the community address was. When I mouse-over “deleted@lemmy.world” on an old post of my own to the deleted community (from my profile), the underlying link is: https://lemmy.dbzer0.com/c/homeimprovement@lemmy.world. So I think it’s only because I am not on lemmy.world myself that this was revealed. I suspect when users are on the same instance where the deletion happened, the original name may not appear. Someone correct me if I’m wrong.

Going forward is not the issue since we have !homeimprovement@disflux.org. The problem is recovering the data that was lost. Where is the backup data?

yeah it was tricky because the community name was overwritten with “deleted@lemmy.world”. I was only able to rediscover what the original community address was by some strange anomaly of like an autocomplete in a search field or something. The existence of the community is scrubbed even on lemmyverse.net.

(edit) And my subscription was quietly removed. What should have happened is the subscription link in my subscription list should have remained as text (not as a hyperlink). It should have gotten a strikethrough with a “💀” next to it. That’s another #LemmyBug for the pile.

Which git repo is used to host the article doesn’t matter. That project is mirrored on ½ dozen other repos. Did you follow the links of the citations? The article is well cited but sometimes the links go stale (or become cloudflared). If you had trouble reaching the cited sources plz let me know & I’ll get the author to fix it. Or you can file a bug report in the issues tab.

The bug is most likely in the scenario of a default Cloudflare config. Cloudflare pushes a captcha to all apps other than the Tor Browser that come over Tor (in the default config). This would of course cause the #Lemmy javascript to go apeshit.

Better or worse depends on who you ask.

I boycott Cloudflare and I avoid it. Some CF hosts are configured to whitelist Tor so we don’t encounter a block screen or captcha. For me that is actually worse because I could inadvertently interact with a CF website without knowing about the CF MitM. I want to be blocked by Cloudflare because it helps me avoid those sites.

The CF onion (IIUC) cuts out the exit node which is good. But CF is still a MitM so for me that’s useless.

Some users might not care that CF has a view on all their packets - they just don’t want to be blocked. So for them the onion is a bonus.

W.r.t CSAM, CF is pro-CSAM. When a CF customer was hosting CSAM, a whistleblower informed Cloudflare. Instead of taking action against the CSAM host, CF doxxed the ID of the whistleblower to the CSAM host admin, who then published the ID details so the users would retaliate against the whistleblower. (more details)

There is no way to “disable” cloudflare if an instance has chosen to use it. It will sit between you and the server for all traffic.

Some people use CF DNS and keep the CF proxy disabled by default. They set it to only switch on the CF proxy if the load reaches an unmanageable level. This keeps the mitm off most of the time. But users who are wise to CF will still avoid the site because it still carries the risk of a spontaneous & unpredictable mitm.

wow… that is terrible. You should not have had to go on a dig for such a simple limitation. All this fancy javascript and it failed to do a simple field length check.