New functionality can be configured through two new .env vars. You can use this functionality to deny things like known spam or potentially abuse of the registration form. In our instance for example we use it to autoblock people who put a word we explicitly say they shouldn't mention.

The new release of Threativore adds Fediseer integration. It will allow you to keep your instance blocklist in sync with your fediseer censures. Not only that but the integration can be as fine-grained as you want, supporting collating multiple instance censures, filtering only censures with tags you want, or only censures collaborated by 1+ other instances etc.

Check out the usage manual for all the variables allowed.

For people who only want some basic protection, the default settings will by default protect you from all CSAM and bigoted instances as tagged by lemmy.dbzer0.com, lemmy.world and lemmings.world. This should provide a good initial blocklist even if you don't populate fediseer yourself Bbut you can of course mix&match according to your needs.

This integration also prevents too many changes happening at one go in your blocklist. If threativore detects too many changes about to happen, it will ask for admin approval via DM before proceeding.

This sync will run every 10 minutes, so if you're following the censures of other instances and they discover a new bad actor, you'll be almost immediately protected, thus converting a fediverse weakness (information distribution) into a strength (information collaboration).

Let me know if you wish to see any improvements.

The newest release of Threativore allows admins to flag users with warning flags, which don't lead to any immediate consequences, but they allow admins to keep track of potentially problematic users and also a way to send a warning to those users that doesn't come from any specific admin account.

This was triggered by having a few problem users in our instance which had bad takes low-key enough to not cop an immediate ban but kept popping up in reports and moderation. In isolation any of those things might make an admin give the benefit of a doubt, but when seen holistically, it makes things more obvious.

Currently it only supports a warning flag, but I can easily add more if people have ideas. These flags can accumulate between admins and you can always see what others have added.

I'm hoping people can use this functionality more liberally than bans, as it will provide a warning to users for bad behaviour, and once someone gets more than 2 or 3 it would be a good chance to take more significant actions.

Flags can also be set silently (i.e. without informing the user) and also with an expiration date, if wished.

It's been a while since I last wrote about the Automod, but I felt now is a good time because it's got a pretty significant update: an official user interface so that you don't have to insert your rules using SQL queries anymore.

If you don't know what it is, here's a quick intro:

• uses webhooks to be efficient
• supports banning based on regexes for all kinds of content (posts, comments, usernames...)
• supports banning based on the image content
• can watch users, notify about new users, notify about first posts etc.
• can defederate if new instances don't meet certain criteria
• and more

Note: This is an instance admin level tool not available to mods.

cross-posted from: [email protected] | https://retrolemmy.com/post/16169345

Nutomic:

This is implemented in the main branch now. If you want to develop a plugin for Lemmy, have a look at the RFC and the examples. If you have questions about plugin development, feel free to post in the Matrix dev chat, [email protected] or open an issue.

https://github.com/LemmyNet/lemmy/issues/3562#issuecomment-2760779122

Examples in multiple languages: https://github.com/LemmyNet/lemmy-plugins#lemmy-plugins (only a few examples currently, more languages are possible including Python)

Anyone planning to start working on a plugin?

Latest update for threativore was pushed in order to be able to handle our anti-Xitter links rule.

What it adds is the scope keyword when setting up a new rule. Scope can either be:

• global: The same as the existing implementation; it will match regardless of instance.
• instance: Will only match from local communities (local to the instance threativore runs in)
• community::<community_name>: Will only match from within the local community named <community_name>.

This means that threativore can now also be used for specific local community management. However currently threativore doesn't accept commands from non-admins, so if any community mod needs to set up a threativore rule, they need to contact the instance admins. In the future hopefully I can allow direct filter specifications from comm-mods.

I'm hoping we can use it to update our UI to somehow inform people about new votes opening or ending, and avoid having to rely on stickies or otherwise having votes missed.

Lots of releases since my last post roughly 1 week ago. Suffice to say, I've been hard at work :)

• Threativore now allows specifying a governance community. Posts in that community can be used for voting. Voting relies on the specified user tags within threativore to figure out which votes to count and which not. You can see this in action in our very first voting thread in lemmy.dbzer0.com.
• A lot more work has gone into preparing threativore to serve tags as flairs, with flair ordering mechanisms using env var definitions
• Two new threativore PM commands added
  • vouching for users, which gives them a special flair and allows them to participate in votes. Vouching PMs are open to all trusted uses, has controls to prevent multiple/duplicate vouching, and PMs target and source accorindly.
  • assigning/removing flair, which gives them the flair tag on threativore and PMs them accordingly. This is open only to threativore admins.

The threativore manual has been updated with all relevant information for all of these

The advanced Lemmy automod, which could previously only be edited by directly editing the SQLite database, now has a REST api!

All rules can now be configured using an API conforming to the JSON:API v1.0 standard.

More information in the README (or jump directly to the Management API section.

With threativore 0.8.x I have finally released a feature I've been planning for a while, the ability to maintain and view it via REST API.

The first thing that is released in the REST API is the ability to see a user's information, which at the moment contains the user's profile ID, their threativore roles and the newest fields, which is tags for users

{
  "user_url": "https://lemmy.dbzer0.com/u/db0",
  "roles": [
    "UserRoleTypes.MODERATOR",
    "UserRoleTypes.ADMIN"
  ],
  "tags": [
    {
      "tag": "ko-fi_tier",
      "value": "deck hand",
      "flair": "https://lemmy.dbzer0.com/pictrs/image/0cc8915a-acf8-451b-8350-c889f469ac42.webp",
      "expires": "2025-03-15 13:18:46.305405",
      "description": "This user is donating a moderate amount to their instance through Ko-Fi"
    },
    {
      "tag": "pirate",
      "value": "true",
      "flair": "https://lemmy.dbzer0.com/pictrs/image/156d1970-0600-4bea-b3d2-53435be3c314.webp",
      "expires": null,
      "description": "This user likes pirates"
    },
    {
      "tag": "anarchist",
      "value": "true",
      "flair": "https://lemmy.dbzer0.com/pictrs/image/61a552e5-d1db-43a5-a120-f584e3082c2d.webp",
      "expires": null,
      "description": "This user likes anarchism"
    },
    {
      "tag": "foss",
      "value": "true",
      "flair": "https://lemmy.dbzer0.com/pictrs/image/00ac9132-cecd-41e6-ba81-8ffd51043bdd.webp",
      "expires": "2025-01-14 13:07:57.467910",
      "description": "This user likes free software"
    },
    {
      "tag": "liberapay_tier",
      "value": "powder monkey",
      "flair": null,
      "expires": "2025-03-16 20:05:57.525031",
      "description": "This user is donating a moderate amount to their instance through Liberapay"
    }
  ]
}

The tags are free-form and any threativore admin can assign any tags to any users with whatever values. For example one of my plan in lemmy.dbzer0.com is to add a boolean tag for pirate if the user mentioned a pirate in their application form, or alternatively anarchist or FOSS respectively. Likewise I have automated adding tags based on whether someone has donated to the site through ko-fi recently and at which tier.

Currently these tags don't have any effect, but I want to bring together the various frontend developers, such as @[email protected] from tesseract, @[email protected] from alexandrite, @[email protected] and so on to see if we can come up with a standard where we can specify within threativore how the tags could be utilized. Or perhaps agree for a standard location where the threativore can always be sought by UIs to retrieve info (as it's not part of the lemmy API proper)

For example I can arrange for a new field per tag, which would contain an emoji code, or an image url, which would be displayed by the UI as flavor for that user. I want to provide ways for each instance to be more unique, (until and if lemmy itself adds such functionality in the backend).

Another functionality which is not immediately obvious is that I now added code to allow threativore to reach in directly to the lemmy DB and extract any data needed. This is for example how lemmy.dbzer0.com can match users on ko-fi with users in lemmy. I plan to extend this functionality in the future to hopefully provide more ways for threativore to detect and deal threats, even without info publicly available in the API.

With all this I want to make threativore a valuable companion software to lemmy, to provide a lot more extensibility through the UIs and empower instance admins to do even more for the looks and security of their instances.

If you want to deploy threativore, I provide a simply code chunk you can add to your lemmy UI in docker-compose. You can even disable the anti-spam capabilities if you want (although they don't do anything until you populate them), and just keep it as an API only.

Let me know what you think.

Is there any way to just like open a websocket and get notified of e.g. new posts/comments/etc, or is the only way to do that by polling?

I tried looking at the API docs, but didn't see anything about it

Hey fellow Lemmings,

I'm thrilled to announce the launch of AI News Summary Bot, a project that brings you News summary! The bot is now live on our community at [email protected].

The bot is still in its early stages, and I'm excited to hear your feedback and suggestions on how to improve it. Feel free to share your thoughts and ideas.

Repository: If you're interested in contributing or exploring the code behind the bot, you can find the repository at https://github.com/muntedcrocodile/ai_news_bot.

Donations: If you're interested in donating to allow me to spend more time developing please do: monero:8916FjDhEqXJqX9Koec9WaZ4QBQAa6sgW6XhQhXSjYWpQiWB42GsggEh73YAFGF86GU2gEE1TTRdWSspuMgpWGkiPHkgBTX

Stay informed, and let's build this community together!

Recently someone contacted me about a comment that the threativore erroneously removed as a false positive. While we restored that comment, it occured to me that the process in which an automated bot like this can be corrected is too unwieldly.

So I spent the last week trying to streamline the process in which someone can inform the mods that threativore made a mistake, and likewise allow the mods to recover that mistake, or reply to that person on why the decision stands, anonymously.

Now every time threativore removes something, it will also provide a string with which you can PM the bot, which will open an appeal request for that removal

The reasoning you send along will get forwarded to the mods who have the choice then to restore it, or reject the appeal (and inform you why). Also, not only the person who was affected can request this, anyone who sees an erroneous filtering action from threativore can open an appeal for it.

I hope to expand this functionality in the future to also allow for appeals for other actions such as bans, and to potentially allow threativore admins to take ad-hoc actions via threativore directly as well.

Important Note: If you were running a previous version of threativore, you'll need to do a manual adjustment of your DB before you upgrade (because I don't know how to automate this). The instructions are here

let me know how appeals work out for you and what you think of this new feature.

Cross-posted from "Lemmy realtime CSAM detection tool updated in accuracy" by @[email protected] in [email protected]

One year ago I developed the first (and from what I know, still only) real-time CSAM detection tool for the fediverse. This has been in use by this instance and recently the real-time version was put in use by lemmy.world. Unfortunately the false-positive rate was a tad too high as this was still using my original implementation in horde-safety. But through our demands in the AI Horde, we've had to constantly tweak and improve it over the past year and thereofre we've had an improved checker for a while, but not used in fedi-safety.

Unfortunately I haven't had the time/motivation to update into it recently so lemmy.world pinged me about its false positive rate being a tad too high, I felt it was a good time to do so.

So now horde-safety has been updated and it should already be more accurate. The admins of lemmy.world already put it into production and they have the most demand, so they'll report back with their findings in a week. If this is not sufficient for lemmy's purpose, I have some other ideas for tweaking it.

And yes, memes and pressure on the admins is what caused me to look into it, but remember we're all just volunteers here. I would have looked into it if y'all had asked nicely as well ;)

Speaking of volunteers, if you want to support my work in providing tooling for lemmy and the Fediverse, feel free to send some support my way which covers all of my FOSS project work.

cross-posted from: https://lemmy.world/post/18073105

Media Bias Fact Check - Automation

Hello World, As many of you have probably noticed, there is a growing problem on the internet when it comes to undisclosed bias in both amateur and professional reporting. While not every outlet can be like the C-SPAN, or Reuters, we also believe that it's impossible to remove the human element from the news, especially when it concerns, well, humans.

To this end, we've created a media bias bot, which we hope will keep everyone informed about WHO, not just the WHAT of posted articles. This bot uses Media Bias/Fact Check to add a simple reply to show bias. We feel this is especially important with the US Election coming up. The bot will also provide links to Ground.News, as well, which we feel is a great source to determine the WHOLE coverage of a given article and/or topic.

As always feedback is welcome, as this is a active project which we really hope will benefit the community.

Thanks!

FHF / LemmyWorld Admin team 💖

Allows plugins in any language. Developers need some feedback on which hooks to add.

Planning to cook something up ASAP.

Hi there!

Since the last time the LemmyWebhook package gained quite a few new capabilities so I've decided it's time for another post.

Quick intro to the package: It adds support for webhooks to Lemmy, meaning you can get notified of events to automatically react to, instead of having to poll for everything, often using multiple http requests. Everything is done in a quite efficient way which avoids hitting your database as much as possible and if it does, it only uses queries on primary key. You can also (optionally) make it available to other users who can then run their bots on your instance only on the permissions you allow them, meaning if you only grant them access to post events, they don't also get access to new user events.

So, what's new?

• When you listen for an update event, you get the previous version of data in addition to the current one, meaning you can directly compare what has changed
• New function for getting parent comment id have been added, with this you can for example detect if someone is replying to your bot
• You can now listen for community subscribe/unsubscribe event

As usual, let me know what you think, feel free to offer suggestions or ask questions.

I’ve updated @[email protected] to remember the whole tree of comments when replying to you, so it can do follow-up responses. You still have to mention it on every message, though. Example in the comments.

Just for fun, I've cooked this script to rotate social media avatars using Stable Diffusion via the AI Horde. Currently it only supports Lemmy, but in the future I plan to add support for more software like mastodon etc.

It can rotate user avatar/banner and community/site icon/banner.

Currently I've set it to rotate the lemmy.dbzer0.com site banner every day. I'll deploy it to rotate some communities icons/banners soon as well.

Let me know what you think, and if you want it to support more software, or provide more complex generations, or any other enhancements, feel free to send PRs.

cross-posted from: https://lemmy.ml/post/12426588

There's now a swagger documentation for the Lemmy API.

See also https://mv-gh.github.io/lemmy_openapi_spec/

Hey y'all. I've been working on this little project ever since the recent spam wave started. This is a very basic Python automoderator bot which will monitor the comments and posts federated into your instance for specific regex instances and then automatically report, delete, ban etc.

The Bot setup is very simple, as you can just chuck its docker-compose entry into your existing lemmy one. You just need to fill in the relevant environment variables.

The bot works by constantly polling your incoming reports, posts and comments, and matching them against provided regex.

I wanted to keep things simple for admins, so the bot configuration happens via a simple PM syntax. The README goes into details on this. But you basically send a message like this to the Bot to add a new filter

threativore add comment filter: `trial period`
reason: `Spam comment`
action: `REMOVE`
description: `Known spam string`

All bot controls work the same way. Eventually I want to add a UI to it.

The bot is built with collaboration in mind. So you can add more people to help you maintain your filters (even if they're not admins), you can add users whose reports will be treated more seriously, and you can even mark users as "ham" (i.e. known not spammers) to prevent them ever being filtered.

This is just the very first release and I have a lot of ideas to improve it in the future. Here's some stuff in my roadmap which should make the threativore a much more collaborative/crowdsourced process between multiple instance admins and the larger userbase. Stay tuned.

PRs and suggestion are welcome.

PS: The bot is already active on https://lemmy.dbzer0.com/, so you can check the modlog for its actions.

I have a 21:9 and I'd like things to be able to use that real estate. Is there a chromium plugin that could achieve this that you know of? I couldn't find one specifically for Lemmy

I'm looking for a way to pull images from my Lemmy feed and display them on desktop tiles, similar to Scrolldit. Ideally, the images would refresh every so often.

Does anything like this exist?

Thank you

It's been a while since I've last posted about this package and quite a lot has changed since then.

So, what does this package do? It adds support for webhooks to Lemmy in an efficient way, meaning you can subscribe to various events like a new post created, new comment added and so on. Very useful, for example, for automods or other bots that need to react fast.

Since the last time I've added more object types, so in addition to posts and comments you can now listen for:

• comment reports
• instances being added or updated (for example federation changes)
• local users (users local to your instance, it's a distinct type from all users, it contains stuff like email and other stuff that doesn't get federated to other instances)
• all users in general (this includes federated and local users)
• post reports
• private messages (does not contain the message text itself, only metadata like recipient and the author)
• private message reports
• registration applications

Another huge improvement is an api that allows users to create webhook and even more importantly a simple GUI for management of your webhooks. This means that this package is no longer only for instance admins, but bot authors in general can ask their instance admins for access to webhooks (and to install the webhooks package to their Lemmy instance if they don't have it yet) and if the admins grant it, you now have access to webhooks. Every access is scoped, meaning if your bot only needs access to posts, you don't need to ask for the permission to receive registration applications, meaning admins can freely grant you access to webhooks without also giving you access to stuff you shouldn't have access to.

There's also support for bulk import of webhooks based on a YAML document, meaning creators of bots and other applications that have support for webhooks can create a YAML document with all the webhooks other people then can import without any trouble. Each imported webhook needs a unique ID which allows the system to track changes to it which allows the importer to update old webhooks instead of duplicating them (as long as they share the same ID).

Let me know what you think, your ideas for improvements or any comments in general are welcome!

P.S. If someone wants to try it out, you can use my instance. The webhooks are available at https://webhooks.lemmings.world/ (accounts must be manually approved, so be patient and ideally write me a PM if you want the access quicker).

cross-posted from: https://lemmy.world/post/11440349

I made this bot so that users who want to provide a quick summary of the wikipedia article they linked to in their comment can do so just by including a mention of the bot in their comment, and the bot will reply to the comment with the summary.

Currently multiple wikipedia links is not supported.

bot: https://lemmy.world/u/wikibot