Why would it be a security risk?
Why would it be a security risk?
I don’t see how it’s a privacy risk since you’re not exposing your IP or anything. Likewise the images are already uploaded to your servers, so there’s no extra privacy risk for the uploader.
You can actually run it in async model without pictrs safety and just have it scan your newly uploaded images directly from storage. It just doesn’t prevent upload this way, just deletes them.
You don’t get public traffic redirected. It’s not how it works
It stops doing checks. Iirc you can configure it yes
https://github.com/db0/fedi-safety and the companion app https://github.com/db0/pictrs-safety which can be installed as part of your lemmy deployment in the docker-compose (or with a var in your ansible)
Not all web traffic, just the images to check. With any decent bandwidth, it shouldn’t be an issue for most. It also setup in such a way as to not cause a downtime if the checker goes down.
The software is setup in such a way that you can run it on your pc if you have a local gpu. It only needs like 2 gb vram
[…]Looping through the list you’ve been given, and making extra queries adds complexity and delay, when the expectation from the user is that this list should appear pretty quickly.[…]
While you’re correct about this, this could be handled dynamically. Simply fetch the list of posts quickly as usual, and then start polling for crossposts in the background and if any two appear in the current frontpage the user is seeing, merge them.
My counter to that, would be that if you aren’t using the API in the way the developers expected, your app has ceased to be frontend, and is instead its own program that’s scraping data from it.
Not at all. That’s not what scraping means.
I just completely disagree with the idea that a frontend should stick to what the backend design is, especially for a FOSS project.
Frontends generate the main feed by querying api/v3/post/list. This doesn’t provide any crosspost info - for that you have to go into the post itself by querying api/v3/post. As such, frontends would have to do a fair bit of extra work to wrangle the required information for a main feed that combined crossposts.
Most frontends already display available crossposts so you’re not wasting anything more than grabbing all the comment sections as well.
I’d argue that you have a problem as soon as you start saying ‘frontends need to do some extra work’ - it breaks the dynamic between backends and frontends. Backends should be big, complicated things, worked on by people familiar with the project, to provide all the logic, whereas frontends should be light, relatively easy to write, runnable on devices with limited resources, and mostly focused on how the information provided to them should be displayed. They should store the user’s preferences, and login details, and that’s it - everything else should come from the backend.
I don’t agree at all. There’s space for complex frontends which attempt to adjust the feed according to their own logic, as well as minimalistic frontends which follow the backend’s design explicitly.
So I just installed it to check and it doesn’t do that. It just makes crossposts a bit more visible.
However it looks like a neat app so I’ll take it for a drive for a bit
Does it show all comments in the same place like I suggest, or does one have to click on each crosspost to see them?
This is what this post is suggesting, yes
That’s a 404. Is there a git repo? I could use obtainium
Link plox
They’re definitely about to be touring a lot this year, so look out for them
there’s a lot of hype for their new album, so I’m guessing a lot of PR is going out.
Ye, generally I would only use njalla for discardable services and domains.
You mean an exploit payload embedded in an image, and pwning a system parsing that image through python PIL? While there’s never a 100% chance of anything, you’re more likely to be struck by lightning than this coming to pass and at that point you’re at more security risk at using the internet altogether.