I'm not sure if it's just the larger instances getting the brunt of it, or if we've been quietly handling it in the background, but I just wanted to float the question in case it's something you have to be actively looking out for.

I would hate for this community to get taken down due to bad actors elsewhere.

Just an FYI, I generally ignore any reports that aren't hate speech or severe incivility. As far as spam goes as long as it's not on my server I ignore it unless it's done by one user and I can remove all their content with a few clicks.

It would be cool if one could choose where the report goes.

Hexbear users: Please avoid commenting on this thread! This sub is for midwest.social users / announcements. Y'all's participation in yesterday's thread, while understandable, made it really really hard for me to see what other users on my instance thought. Thanks!

The other thread got locked before I could jump in and voice my opinion as a midwest.social user lol.

Please don't defederate from Hexbear! I'm a US-based leftist who's sometimes uncomfortable with realllllyyyyy extreme leftists. But after looking through Hexbear's content with an extraordinarily fine-toothed comb I failed to find anything that other user was talking about. It seems like a pretty standard leftist instance and has some great communities I'm enjoying following here. /c/urbanism@hexbear.net, /c/antifascism@hexbear.net, and /c/politics@hexbear.net are just a few of the really great communities I've found over there.

Obviously some of the communities could be uncomfortable for liberals lmao, but they can always block offending users or communities and hide them if they really want to. Scrolling through Hexbear I fail to see any communities that are anywhere near the level of 'extremism' of Lemmygrad, but even Lemmygrad I don't have much of a problem with lol.

However I do think it'd be useful to have a private sub just for discussion with users here. I think what happened yesterday was somehow the thread here ended up trending on Hexbear, and Hexbear users responded as if it was just another post on their platform. It'd be useful if there was a way to restrict discussion on this sub to just users of midwest.social so that I can see what y'all think!

Putting this here since it's this instance's most subscribed community. I miss me some TPUSA memes. Was wondering if the subreddit successfully migrated somewhere on the Fediverse.

Is there a particular reason why this instance isn't federated with us? Just wondering.

Has anyone else noticed how prevalent Hexbear posters have suddenly become? Maybe sometime last week I noticed nearly every political post had at least one long thread of Hexbear users that do nothing but repeat CCP talking points while waving anyway anything even remotely reliable as Western propaganda. That or getting all excited about trolled libs. The way they tell it, you'd think everything from DW, to Fox, to Propublica, to straight up AP News articles, are all written by the same people.

Not to mention, their info on the Fediverse observer is either straight up wrong or there's some serious botting going on. According to that, the instance is less than a month old, yet somehow they already have one of the largest, most active userbases, along with far and away the most comments of any instance.

Seems to me like Lemmygrad on steroids. Considering we defederated from them, seems like a no-brainer to block Hexbear as well.

So glad this thread could become such a perfect microcosm of why we need to defederate.

After seeing some of the comments coming from it I've added it to our blocklist.

For the record: the only good transphobe is a dead transphobe.

Have a good day everyone!

Recently it has come to my attention that the instance where my account is located rammy.site has been taken over by right wing bigots from the site exploding-heads they have created many hateful communities and have started posting transphobic content and climate denial. There's also quite a bit of community spam on here.

I very strongly advocate that the admins of this instance defederate from rammy.site as soon as humanly possible to stop the spread of their toxic shit to other instances.

title

July 28th is System Administrator Appreciation Day!

Thank you to our admins: @seahorse @simsym @JackFromWisconsin @wicked82 @InevitableWaffles

If you've been enjoying using this service and are able, consider clicking the post link & donating to help pay the bills for the site.

Deleted something I shouldn't have. I learned my lesson, but I had to revert to a backup that was about 3 days old. My bad.

Right now users here can only choose English and Undetermined, preventing us from interacting with content in other languages. There's a lot of Spanish speakers in the Midwest, any chance we can expand the language list?

In case you're not aware, multiple Lemmy instances suffered hacks recently that allowed the hackers to gain admin privileges and deface the instances and/or redirect users to other sites. Luckily, midwest.social was not a victim of this from what I can tell. To mitigate any more issues I have deleted the single custom emoji that had been uploaded and rotated the JWT which means you will have to log in again on all your devices.

Update: The devs have released 0.18.2 with a security fix for this and I've upgraded to it.

Posting this for visibility: cross-posted from: https://lemmy.world/post/1299831

Hi all,

If you're just now signing in for the first time in 12+ hours, you may just now be finding out that Lemmy World and other instances where hijacked. The hijackers had the full abilities of hijacked user, mod, and admin accounts. At this time, I am only aware of instance defacing and URL redirections to have been done by the hijackers.

If you were not forced to sign back in this morning, contact your instance admin to verify mitigations were completed on your instance.

How?

This occurred due to an XSS attack in the recently added custom emojis. Instance admins should follow the issue tracker on the LemmyNet GitHub, as well as the Matrix Chat. Post-Incident Activity is still on-going.

Currently, it is likely that just your session cookie was stolen, with instance admins being targeted specifically by checking for navAdmin, an HTML element only instance admins had. I do not believe this to affect users across instances, but I have yet to confirm this.

What happens next?

As I am not the developers or affected instance admins, I cannot make any guarantees. However, here is what you'll likely see:

1. Post Incident investigation continues. This will include inspecting code, posts, websites, and more used by the hijackers. An official incident writeup may occur. You should expect the following from that report:

• Exactly what happened, when.
• The incident response that occurred from instance admins
• Information that might have helped resolve the issue sooner
• Any issues that prevented successful resolution
• What should have been done differently by admins
• What should be improved by developers
• What can be used to identify the next attack
• What tools are needed to identify that information

2. A CVE is created. This is an official alert of the issue, and notifies security experts (and enthusiasts), even those not using lemmy, about the issue.

3. A code security audit is done. This will likely just be casual reviews by technical lemmy users. However, I will be reaching out to the Mozilla Foundation and Cure53 as they recently did an audit of Mastodon. If there is interest in an external audit of lemmy and the costs are affordable, I'll look into crowdfunding this cost.

I like watching (and making) funny shortform videos on TikTok and Instagram reels, and I'd like to move to the fediverse as much as possible. Glancing around at PeerTube, it seems designed to replicate traditional YouTube with longform content, not something I'm interested in. PixelFed looks like the old Instagram, intended exclusively for photography and not memes of any kind, let alone video. So where can I get a quick haha off without a billionaire stooge breathing down my neck? (And let me know if this is the wrong community to ask, I'll gladly repost elsewhere)

Edit: before anyone writes any lectures, I realize video content is exponentially more resource-intensive to host compared to text and images. To be clear, I'm not demanding my every entertainment need be met by the fediverse right now, just curious what's out there.

like this

I'm curious if other users are experiencing timeouts reaching midwest.social several times a day? I'm browsing through the summit and connect Android apps, for context. I'm unable to load anything (/all feed and posts) several times a day on this account so I just wanted to see if others are experiencing the same thing.

Edit: I hope my tone didn't come off as ungrateful, that was not my intent! I just wanted to sanity check if there was something wrong with my network or client(s). Thank you seahorse for your hard work!

Trying to upload an avatar, but I keep getting this error:

SyntaxError: JSON.parse: unexpected character at line 1 column 1 of the JSON data

That's the only thing that shows up in the console. Not sure what is expected.

Are we going to block Meta's Threads.net? I get it if people want to keep things open. However, Meta is a proven bad actor. They claim they didn't put in ActivityPub because it was too complicated to get it done at launch, and they can't get EU approval of their service because of the rampant and invasive data they gather. IMHO, they are going to attempt to muscle the fediverse out of the equation.

Transplant from middle TN.

I play music when I can but most of my time is spent taking care of my little girls full time.

Hopefully I'm doing this right. I'm pretty socially inept.

Hope you're all well!

hi midwesties, hope you are having a nice time. I am from sweden.

Original Ian and Anthony SMOSH sketches are the cure, they’re what we’ve all been missing WE SUMMONED A DEMON!

My main midwest.social stream is current full of ads for guns and gun parts. Did I do something wrong?

I noticed that /c/milwaukee doesn't appear in the community list when browsing through midwest.social directly, and when I manually go to https://midwest.social/c/milwaukee, no posts appear, even though /c/milwaukee shows up correctly on my home instance (pawb.social). Is it possible that this issue could be hiding other communities on this instance too?

Intro and Context

Midwest.social is my homebase, but I have two other accounts in different instances. Both accounts are in instances that are federated with this one.

I started a genre film community about a week ago. Yesterday, I logged in to my other instances to see what the community looks like from a non-moderator perspective. They all look different, depending on what instance I'm viewing the community from. Screenshots below:

Screenshots

This is the view of !driveinmovies@midwest.social from this instance. This is how I'd expect it to be seen by anyone that midwest.social is federated with. Is that not correct?

For context, all the comments in the stickied post are from individuals belonging to other instances with which midwest.social is federated. In fact, there are comments from lemmy.ml folks, and I think there's one from somebody in sopuli.xyz. That may be relevant because of what I see when I go to my lemmy.ml and sopuli.xyz accounts.

This is the view of !driveinmovies@midwest.social from my account on lemmy.ml. Only three posts show up. The comment counts and upvotes are different.

The one on top with zero upvotes was actually posted from the pictured lemmy.ml account. The middle post is supposedly a stickied post, except it's not stickied when accessed through lemmy.ml. Also, none of the comments appear. Not even my own test comment.

The "subscribe pending" business is new. Several days ago, it said "joined" over there. When I try unsubscribing and resubscribing, I keep getting the pending nonsense.

This is the view of !driveinmovies@midwest.social from my account on sopuli.xyz. All the posts show up, but the comment counts and upvotes are different.

The "subscribe pending" thing here is the same as it is with my lemmy.ml account. It wasn't there a couple days ago, but now it is. Turning it off and on again doesn't do anything.

Questions

Only one question, really. Is this as odd as it seems to me? Okay, two questions. Can someone explain why it looks different, based on which instance I'm accessing the community from?