Nutomic

Lemmy Development Update 2023-09-22

https://lemmy.ml/post/5328302

Lemmy Development Update 2023-09-22 - Lemmy

Some years ago we used to post weekly development updates to let the community know what we are working on. For some reason we stopped posting these updates, but now we want to continue giving you information every two weeks about the recent development progress. This should allow average users to keep up with development, without reading Github comments or knowing how to program. We’ve been working towards a v0.19.0 release of Lemmy, which will include several breaking API changes. Once this is ready, we’ll post the these changes in dev spaces, and give app developers several weeks to support the new changes. This week @nutomic finished implementing the block instance feature for users [https://github.com/LemmyNet/lemmy/pull/3869]. It allows users to block entire instances, so that all communities from those instances will be hidden on the frontpage. Posts or comments from users of blocked instances in other communities are unaffected. He also reworked the 2-Factor-Authentication implementation [https://github.com/LemmyNet/lemmy/pull/3959], with a two-step process to enable 2FA which prevents locking yourself out. Additionally he is reworking the API authentication [https://github.com/LemmyNet/lemmy/pull/3946] to be more ergonomic by using headers and cookies. Finally he is adding a feature for users to import/export community follows, bocklists and profile settings [https://github.com/LemmyNet/lemmy/pull/3976]. @dessalines is currently implementing a redesign of the join-lemmy.org website [https://github.com/LemmyNet/joinlemmy-site/pull/243]. He is also keeping the lemmy-js-client updated with the latest backend changes 1 [https://github.com/LemmyNet/lemmy-js-client/pull/184] 2 [https://github.com/LemmyNet/lemmy-js-client/pull/185] 3 [https://github.com/LemmyNet/lemmy-js-client/pull/181]. @phiresky optimized the way pagination is implemented [https://github.com/LemmyNet/lemmy/pull/3872]. He is also fixing problems with federation workers [https://github.com/LemmyNet/lemmy/pull/3960] which are causing test failures and performance problems in the development branch. These problems were introduced during a complex rewrite of the federation queue [https://github.com/LemmyNet/lemmy/pull/3605] which was recently finished, and is thought to allow Lemmy federation to scale to the size of Reddit. @SleeplessOne1917 is implementing remote follow functionality [https://github.com/LemmyNet/lemmy-ui/pull/1875], which makes it easy to follow communities from your home instance while browsing other instances. He is also fixing problems with the way deleted and removed comments are handled [https://github.com/LemmyNet/lemmy/pull/3965]. @codyro and @ticoombs have been making improvements to lemmy-ansible [https://github.com/LemmyNet/lemmy-ansible], including externalizing the pict-rs configuration, adding support for AlmaLinux/RHEL, cleaning up the configuration, as well as versioning the deploys. These will make deploying and installing Lemmy much easier. ## Support development @dessalines and @nutomic are working full-time on Lemmy to integrate community contributions, fix bugs, optimize performance and much more. This work is funded exclusively through donations. If you like using Lemmy, and want to make sure that we will always be available to work full time building it, consider donating to support its development [https://join-lemmy.org/donate]. Recurring donations are ideal because they allow for long-term planning. But also one-time donations of any amount help us. - Liberapay [https://liberapay.com/Lemmy] (preferred option) - Open Collective [https://opencollective.com/lemmy] - Patreon [https://www.patreon.com/dessalines] - Cryptocurrency [https://join-lemmy.org/donate] (scroll to bottom of page)

Sep 22, 2023 at 1:02pmWeb
Show threadCheradenineSep 22, 2023

Thank you, all of that sounds like very good news.

Thanks to all the people working on this.

Show threadSheeEttinSep 22, 2023
If these are API-breaking changes, shouldn’t you bump the major version? semver.org
Semantic Versioning 2.0.0

Semantic Versioning spec and website

Semantic Versioning
Show threadsolinoxSep 22, 2023

v0 is usually the exception to that rule.

From that site: Major version zero (0.y.z) is for initial development. Anything MAY change at any time. The public API SHOULD NOT be considered stable.

Show threadmaegul (he/they)Sep 22, 2023

I think you’re forgetting this:

  • Major version zero (0.y.z) is for initial development. Anything MAY change at any time. The public API SHOULD NOT be considered stable.
    • Show threadSheeEttinSep 22, 2023

    Fair enough.

    From an end user perspective, it feels like it’s operationally stable, though I don’t know about developmentally stable. Maybe it’s worth a 1.0 release soon. Lots of people are running it in production now.

    Show threadares35Sep 22, 2023
    see also: perpetual beta
    Show threadmaegul (he/they)Sep 22, 2023
    Yea. I feel like once it can scale pretty well and has been for a bit of time that would be a good opportunity to release 1.0. But another major factor here is that the backing and sustainability of the project is still up in the air, so the flexibility of breaking changes is maybe rather valuable for a while.
    Show threadNutomicSep 22, 2023
    Before 1.0 we definitely need to do an API cleanup, the paths are a real mess. However that will require lots of breaking changes so Im not sure when we can do it.
    Show threadpoVoqSep 22, 2023
    0ver.org
    ZeroVer: 0-based Versioning — zer0ver

    Software's most popular versioning scheme!

    Show threadmaegul (he/they)Sep 22, 2023
    Ha. Well yea, devs need to learn to commit at some point I guess.
    Show threadDessalinesSep 22, 2023

    I feel their pain lol, which is why I’m also super-hesitant to pull the trigger on 1.0.0 for lemmy.

    We’re still hobby software created mostly by a few devs, yet people expect us to have the same stability and resources as multi-million-dollar corporations with hundreds of employees.

    Show threadmaegul (he/they)Sep 23, 2023

    We’re still hobby software created mostly by a few devs, yet people expect us to have the same stability and resources as multi-million-dollar corporations with hundreds of employees.

    Oh for sure … for me, you go ahead and break backwards compatibility all you need to. Though there might be a weird phase coming up where a number of people are using apps whose development has slowed or stalled and so won’t be able to get updated.

    Otherwise, my comment about “committing” was targeted at some of the notable zeroVer projects: react native, threejs, hugo and neoVim.

    ZeroVer: 0-based Versioning — zer0ver

    Software's most popular versioning scheme!

    Show threadDessalinesSep 22, 2023
    We’re reserving 1.0.0 for a mostly unchanging and stable API. That def isn’t the case currently, as we’ve been rapidly adding features, changing api objects, etc. So minor versions (and usually not patch unless it’s security related), signify breaking api or config changes.
    Show threadIzzyDataSep 22, 2023
    Great work. Thank you for the update Nutomic.
    Show thread𝒍𝒆𝒎𝒂𝒏𝒏Sep 22, 2023

    Thank you for the update 😁

    Also devs please feel free to take a well-deserved break whenever you feel like - wouldn’t want to see anyone getting burned out from spending the majority of available time working on Lemmy. I can imagine the reddit migration has shaken a few things out of order especially

    Show thread🔻Sleepless One🔻Sep 22, 2023
    I contribute to lemmy in part because I would lose my mind if the only software I wrote that people actually use was crapware for my corpo job.
    Show threadNutomicSep 22, 2023
    Thanks for the concern. Personally I took plenty of time off during summer. Now Im motivated to code again, and honestly I would get really bored if I did nothing.
    Show threadBlazeSep 22, 2023
    Great news, thanks for the update!
    Show threadIllecorsSep 22, 2023

    @phiresky optimized the way pagination is implemented. He is also fixing problems with federation workers which are causing test failures and performance problems in the development branch. These problems were introduced during a complex rewrite of the federation queue which was recently finished, and is thought to allow Lemmy federation to scale to the size of Reddit.

    I can’t wait for this to get into action! Separating the federation into a separate process with the ability of using a separate physical resource is so good!

    Thank you!

    Show threadRentlarSep 22, 2023
    Thanks for the update! I think it’s a good idea to get the word out there more often on what’s being worked on and how progress is going at a regular interval.
    Show threadUlu-Mulu-no-dieSep 22, 2023
    Amazing job as always!
    Show threadOhaSep 22, 2023
    Thank you for your work. I love seeing that my money actually goes to something great
    Show thread👁️👄👁️Sep 22, 2023
    Looking at the Liberapay, it’s shocking Lemmy only gets $332 a month to fund this entire social media. Compare that to the totally “grass roots” normal NFT growth where they immediately had millions poured into them from venture capitalist. As it turns out, actual grass roots social media without profit incentive isn’t profitable! And that’s how you know we’re on the right path.
    Show threadDessalinesSep 22, 2023

    For as many users as lemmy has now, its kind of astonishing how little donations we have, like less than the average youtuber / streamer with a patreon. Its more when we sum up the other platforms, but I’d really like us to be able to add more full-time devs and grow the coop.

    And not just us of course, but open source software in general needs so much more funding than its currently getting. If you use open source software, consider donating to those devs!

    Once I finish the join-lemmy.org site redesign, I’ll put a section on the donation page that sums all these up for transparency’s sake, and we’ll probably try to have a once-per-year donation push to try to make sure we get fully funded.

    Show threadCorkyskogSep 22, 2023
    I wonder how many people don’t understand Lemmy and thought when they were donating to their instances it benefitted lemmy development as a whole? I see many posts about donating to your instance, but little to donating to devs. Do any instances share their donations?
    Show threadGusterSep 22, 2023
    @Corkyskog @dessalines also to third party apps...
    Show threadDessalinesSep 22, 2023
    Absolutely, especially the open source ones. We should be linking their donation pages wherever we can.
    Show threadDessalinesSep 22, 2023

    Instance runners should also get donations, if not just for the hosting costs (which shouldn’t be too much), then for their labor time spent moderating and building spaces.

    I’m sure many of them also do contribute to lemmy’s dev upstream.

    Show threadkolektyw szmerSep 28, 2023

    A shared donation page might encourage them to promote it. One where there would be all lemmy dev funding options, but admins could also add theirs. Sounds like a low hanging fruit.

    We’ll also discuss announcing a cut of our donations going upstream in our collective.

    Show threadDessalinesSep 28, 2023
    For sure! I’ll add it to my TODOs for the new joinlemmy site.
    Show threadkolektyw szmerSep 29, 2023
    It could be a page on the instance with half based on a form to be filled out in the admin pages, and the other half with Lemmy funding.
    Show threadsilent_water [she/her]Sep 23, 2023
    youtubers/streamers have a parasocial thing going with their audience that makes the idea of donating a smaller mental step for their audience (senpai might notice me if I donate type brainworms). FOSS projects historically have really struggled with funding, unless they’re able to secure funding from an org/corporation.
    Show threadwiki_meSep 23, 2023

    For as many users as lemmy has now, its kind of astonishing how little donations we have, like less than the average youtuber / streamer with a patreon. Its more when we sum up the other platforms, but I’d really like us to be able to add more full-time devs and grow the coop.

    Why look at youtubers when you can look at a open source project?, look at misskey which is very similar , it makes about 4k while having about 10k monthly active users, that’s about 0.4 dollar per user.

    Lemmy has about 40k monthly active users and makes about 3962 , about 0.1 dollar per user.

    If you will push the conversation rate to be as high as misskey, that should give you currently about 10K a month .

    I have a few ideas about how to increase it, i can open a issue throwing some ideas, for starter (I don’t remember if i said this before) the part in the UI where people are suppose to learn lemmy wants donations (the little heart), is probably very hard to notice.

    syuilo: Patreon Earnings + Statistics + Graphs + Rank

    syuilo Patreon earnings, statistics, graphs, and popularity rank updated daily

    Graphtreon
    Show threadhillbicksSep 22, 2023

    I regularly comments from users who were not aware or the financial situation. Maybe “we” need to promote it a bit more. But it is 332 per week, not month. At the beginning of the last migration it stood at 40 something, so we at least got some traction.

    Thanks for the update and thanks for the work guys, I really appreciate it

    Show threadfmstratSep 22, 2023

    We’ve been working towards a v0.19.0 release of Lemmy, which will include several breaking API changes. Once this is ready, we’ll post the these changes in dev spaces, and give app developers several weeks to support the new changes.

    Thank you for the update and the heads up.

    How will this be announced, and what specifically does several weeks mean? Since Lemmy goes beyond Mobile Apps to all kinds of systems including moderation tools, auto-purgers, bots, CSAM, auto-subscribers, searchers, etc, breaking changes to the API can have far-reaching impacts.

    Could something be set up specifically for breaking-change announcements where participants could be alerted? Even just a Breaking Changes issue that could be followed would work nicely.

    Thank you again.

    Show threadNutomicSep 23, 2023
    When we are ready to publish the first release candidate, we will make a post that lists all the breaking changes. You can follow [email protected] via rss reader to get notified about it. We will also share it in different Matrix chats, and I’m sure it will get upvoted to the frontpage as well.
    Announcements - Lemmy

    Official announcements from the Lemmy project. Subscribe to this community or add it to your RSS reader in order to be notified about new releases and important updates. You can also find major news on join-lemmy.org [https://join-lemmy.org/news]

    Show threadXusonthaSep 28, 2023
    Do you have any sort of timeline for when 0.19 or the release candidates will become available? I only wonder because I’m eager to check out some of the new features that have been mentioned here and on Github
    Show threadNutomicSep 29, 2023
    See here: lemmy.ml/post/5711722
    Lemmy 0.19 Breaking Changes - Lemmy

    We are getting closer to the next major release. This version will have many breaking changes, so we are listing them here for app and client developers to adjust their projects. As we prepare for the release of Lemmy 0.19.0, we’d like to provide any app or client developers ample time to upgrade their apps, as well as discover any problems, before we do the release. This will be at least 4 weeks from now (but likely longer). Server admins can also upgrade to the latest release candidates for testing. Be aware that they are still unstable and shouldn’t be used in production. As with any upgrade it is important to have working backups in place. It should be possible for clients to support both Lemmy 0.18 and 0.19 without major workarounds. If backwards compatibility is causing you trouble, comment below and we will help to find a solution. To test, you can point your app to the following test instance running a release candidate of 0.19.0: https://voyager.lemmy.ml [https://voyager.lemmy.ml] A diff of API changes is here: lemmy-js-client API changes from 0.18.3 -> 0.19.0-rc’s [https://github.com/LemmyNet/lemmy-js-client/compare/0.18.3...0.19.0-rc.13] Note for developers not using typescript or rust: If you’d like to auto-generate an API client for your language, you can try out @MV-GH’s lemmy_openapi_spec [https://github.com/MV-GH/lemmy_openapi_spec], or (if in kotlin), use Jerboa’s script here [https://github.com/dessalines/jerboa/blob/main/copy_generated_types_from_lemmy_js_client.sh]. ## Major Changes ### Authentication Previous Lemmy versions used to take authentication as query/post parameters. This is insecure and unnecessarily complicated. With 0.19, the jwt token can be passed either as cookie with name auth, or as header in the form Authorization: Bearer . A major advantage is that this allows us to send proper cache-control headers, with responses to unauthenticated users being cacheable. It also prevents token leaks in web server logs. The login and registration endpoints attempt to set the cookie automatically. If that is supported on your platform, you don’t have to worry about the authentication token at all. In order for your client to be compatible with both Lemmy 0.18 and 0.19, you should send auth in both ways. Meaning with each API call, send the old auth query/post parameter, as well as the new header or cookie. A few PRs detailing these changes: - https://github.com/LemmyNet/lemmy/pull/3725 [https://github.com/LemmyNet/lemmy/pull/3725] - https://github.com/LemmyNet/lemmy/pull/3926 [https://github.com/LemmyNet/lemmy/pull/3926] - https://github.com/LemmyNet/lemmy/pull/3946 [https://github.com/LemmyNet/lemmy/pull/3946] - https://github.com/LemmyNet/lemmy/pull/3982 [https://github.com/LemmyNet/lemmy/pull/3982] ### Users can block instances Users can now block instances, so that their communities are hidden from listings. This is done via POST /api/v3/site/block with parameters int instance_id, bool block. https://github.com/LemmyNet/lemmy/pull/3869 [https://github.com/LemmyNet/lemmy/pull/3869] ### New sort options A new scaled sort option has been added. This sort is identical to the Hot sort, but also takes into account the number of each community’s active monthly users, and so helps to boost posts from less active communities to the top. https://github.com/LemmyNet/lemmy/pull/3907 [https://github.com/LemmyNet/lemmy/pull/3907] ### 2FA / TOTP Rework Two-Factor-Authentication is now enabled in a two-step process to avoid locking yourself out. Now a secret needs to be generated first with POST /api/v3/user/totp/generate (no parameters). The generated token needs to be added by the user to an authenticator app. Once this is completed, 2FA can be enabled with POST /api/v3/user/totp/update. This takes a string parameter totp_token (generated by authenticator app), and boolean enabled. 2FA can be disabled again with the same update endpoint. Additionally, the 2FA algorithm has been changed to SHA1 for better compatibility. The update disables 2FA for all accounts, so that users who are locked out can use their accounts again, and to ease the transition to the SHA1 algorithm. https://github.com/LemmyNet/lemmy/pull/3959 [https://github.com/LemmyNet/lemmy/pull/3959] ### Timestamps now include timezone Previous Lemmy versions used timestamps without any timezone internally. This caused problems when federating with other software that uses timezones. Going forward, all timestamps in the API are switching from timestamps without time zone (2023-09-27T12:29:59.113132) to ISO8601 timestamps (e.g. 2023-10-29T15:10:51.557399+01:00 or Z suffix). In order to be compatible with both 0.18 and 0.19, parse the timestamp as ISO8601 and add a Z suffix if it fails (for older versions). https://github.com/LemmyNet/lemmy/pull/3496 [https://github.com/LemmyNet/lemmy/pull/3496] ### Cursor based pagination 0.19 adds support for cursor based pagination on the /api/v3/post/list endpoint. This is more efficient for the database. Instead of a query parameter ?page=3, listing responses now include a field "next_page": "Pa46c" which needs to be passed as ?page_cursor=Pa46c. The existing pagination method is still supported for backwards compatibility, but will be removed in the next version. https://github.com/LemmyNet/lemmy/pull/3872 [https://github.com/LemmyNet/lemmy/pull/3872] ### New endpoints for export/import of user settings data Users can now export their profile settings data (including subscriptions and blocklists) via GET /api/v3/user/export. The returned JSON data should not be parsed by clients, but directly downloaded as a file. Backups can be imported via POST /api/v3/user/import. https://github.com/LemmyNet/lemmy/pull/3976 [https://github.com/LemmyNet/lemmy/pull/3976] ### Make remove content optional during account deletion When a user deletes their own account using POST /api/v3/user/delete_account, there is a new parameter called delete_content. If it is true, all posts, comments and other content created by the user are deleted (this is the previous default behaviour). If it is false, only the user profile will be marked as deleted. https://github.com/LemmyNet/lemmy/pull/3817 [https://github.com/LemmyNet/lemmy/pull/3817] ### Outgoing Federation Queue The federation queue has been rewritten to be much more performant and reliable. This is irrelevant for client developers, but admins should look out for potential federation problems. If you run multiple Lemmy backends for horizontal scaling, be sure to read the updated documentation [https://join-lemmy.org/docs/administration/horizontal_scaling.html] and set the new configuration parameters. The Troubleshooting [https://join-lemmy.org/docs/administration/troubleshooting.html] section has information about how to find out the state of the federation queues. https://github.com/LemmyNet/lemmy/pull/3605 [https://github.com/LemmyNet/lemmy/pull/3605]

    Show threadfmstratOct 12, 2023

    For the truly breaking changes like API auth and TOTP, is there a reason you don’t roll the deprecation like most software?

    I.E. 0.19 supports both methods, and 0.20 deprecates the old one? This way developers aren’t caught off guard if they’re not following (which will get worse as time goes on), and allows development using official releases vs RCs.

    For instance, if I want to update my app now, I have to release it with an RC library. If there was a version between deprecation, I could update at any point during the official 0.19 lifespan.

    Show threadNutomicOct 13, 2023
    In case of pagination both old and new variants are supported in 0.19 (see my reply to fmstrat above). TOTP is currently broken so it wouldnt make sense to keep supporting the old version. In case of auth it would be possible to keep backwards compat, but keep in mind that we are only two fulltime devs with tons of other things to work on. If we spend a lot of time on this, it means less time for other important tasks. Besides you can support both 0.19 auth and 0.20 auth at the same time by sending auth as param and header/cookie.
    Show threadfmstratOct 13, 2023
    Thanks for the response, I actually put another comment in after I started diving in and saw that the pagination/auth were overlapping, which was great news, it just didn’t come across clearly to me in the write-up for some reason. Thank you for structuring things this way.
    Show threadfmstratOct 12, 2023
    Actually, as I start to do updates, it looks like the JS library still has page along with page_cursor (and the auth can be run in parallel) which seems to be great news! Does this mean I can continue to use page for pagination until .19 officially releases and rolls out, and then switch over?
    Show threadNutomicOct 13, 2023
    0.19 supports both page and page_cursor. We will probably get rid of page in 0.20.
    Show threadklemptorSep 22, 2023

    This week @nutomic finished implementing the block instance feature for users.

    Thank youuuuuu!

    User can block instances (fixes #2397) by Nutomic · Pull Request #3869 · LemmyNet/lemmy

    Analogous to the existing community block functionality, users can also block instances. This means that all content from communities which are hosted there is hidden. Posts from users of blocked i...

    GitHub
    Show threadmouth_broodSep 23, 2023
    Donated! Keep up the good work
    Show threadcetra3Sep 23, 2023
    Excellent work! Keep it up!
    Show threadFly4aShyGuySep 23, 2023
    Just another note of thanks as others have put here. Really need to get more active if these communities and try to help this grow, great project!
    Show threadlazynoobletSep 23, 2023

    I spend enough time on Lemmy, enjoying the spoils of your hard work that I couldn’t not donate. Like others have noticed, the weekly amount at it’s current level ($350/w) is embarrassing.

    IF YOU ARE READING THIS, GO DONATE.

    Lemmy's profile - Liberapay

    An open source project the size of Lemmy needs constant work to manage the project, implement new features and fix bugs. Dessalines and Nutomic work full-time on these tasks …

    Liberapay
    Show threadzkrzsz [he/him]Sep 23, 2023

    Appreciate the work!

    Show threadazulavoirSep 23, 2023

    Posts or comments from users of blocked instances in other communities are unaffected

    Hate to say it but this makes that feature a little insufficient

    Show threadKaynSep 23, 2023
    Of the three platforms listed for recurring donations, which one gives you the best cut or is otherwise preferable for you to receive donations on?
    Show threadDie4EverSep 25, 2023

    did you forget to mention the new Scaled sort? or is it not gonna make it into v0.19.0?

    github.com/LemmyNet/lemmy/pull/3907

    Adding a scaled sort, to boost smaller communities. by dessalines · Pull Request #3907 · LemmyNet/lemmy

    Previously referred to as best . Fixes #3622 Fixes #1026 Still needs lots of testing with prod data, as well as verifying the scheduled_tasks changes are working correctly. An example of some rank...

    GitHub
    Show threadNutomicSep 25, 2023
    The post only includes pull requests which were active last week. Scaled sort was already completed earlier. It will definitely go into the next release, like every merged PR.