tailor swift
What has been the most rewarding part of working on Lemmy for you guys?
As developers, what can we do (or not do) to best support Lemmy’s vision and goals right now?
Don’t tell me what to do
I’m building [email protected] and can answer any questions. Each app and client handles differently, but for Lemmynade:
- You type in your instance, username/email, and password into Lemmynade and tap “Submit”
- After tapping submit, your username and password are sent to Lemmynade’s backend server to process securely (this is more secure than doing some of the next steps directly in your browser)
- Lemmynade’s backend server immediately verifies that your instance exists and that it’s a valid Lemmy instance (you don’t want to blindly send your password to some random server!)
- If the instance is a valid Lemmy instance, then your username and password are sent directly to your instance over an encrypted connection.
- If your username and password are valid, then your instance sends back a token (a bunch of random letters and numbers) to Lemmynade. This secure token can be used in place of your password so your actual password doesn’t have to be stored anywhere.
- Lemmynade then takes that token and saves it in an http-only cookie on your own device. When it needs to authenticate or log in again, it uses this secure token to do it so you don’t have to keep typing in your password.
Throughout this process, nothing is stored, logged, or recorded anywhere. The only thing stored is the secure token, and that secure token is only saved on your own device. Lemmynade or anyone else cannot access your account unless they have access to your specific device.
There are many more layers to this, but hopefully that explains the general idea. The main danger with the current method of authentication is that you are providing your raw password to a third party, meaning if someone wanted to be malicious it’s fairly easy to do.
A much better authentication method is called OAuth. With OAuth, you never give your password directly to the third party, so it’s far safer. A lot of us devs are pushing for this and hoping to see this down the road as it would give much more peace of mind to everyone. It’s only up from here!
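The login flow described in the comment above, sketched as an added example; it is not part of the original comment and is not Lemmynade's code. It assumes Lemmy's v3 HTTP API paths (`/api/v3/site`, `/api/v3/user/login`) and uses a site lookup as the validity check, a hypothetical cookie name `session` with a 30-day lifetime, and an injectable `fetchImpl` so it can run offline.

```javascript
// Added example, not Lemmynade's code. Paths are Lemmy's v3 HTTP API;
// the cookie name and lifetime below are assumptions made for illustration.

// Turn user input such as "lemmy.example" into an https origin, or throw.
function normalizeInstance(input) {
  const raw = String(input).trim();
  const url = new URL(raw.includes('://') ? raw : `https://${raw}`);
  const host = url.hostname;
  if (url.protocol !== 'https:') throw new Error('instance must use https');
  if (url.username || url.password || url.port) throw new Error('unexpected URL parts');
  // Reject IP literals and single-label names (localhost, intranet hosts).
  // A name that resolves to a private address is not caught by this check.
  if (/^[\d.]+$/.test(host) || host.startsWith('[') || !host.includes('.')) {
    throw new Error('not a public hostname');
  }
  return url.origin;
}

// Check that the origin answers like a Lemmy instance before any password is sent.
async function isLemmyInstance(origin, fetchImpl = fetch) {
  try {
    const res = await fetchImpl(`${origin}/api/v3/site`, { redirect: 'error' });
    if (!res.ok) return false;
    const site = await res.json();
    return Boolean(site && typeof site.version === 'string' && site.site_view);
  } catch {
    return false;
  }
}

// Build the Set-Cookie value: HttpOnly hides the token from page scripts,
// Secure keeps it off plain HTTP, SameSite limits cross-site sending.
function sessionCookie(jwt) {
  return `session=${encodeURIComponent(jwt)}; HttpOnly; Secure; SameSite=Lax; Path=/; Max-Age=2592000`;
}

// Full flow: validate, verify, forward credentials once, keep only the token.
async function login(instance, usernameOrEmail, password, fetchImpl = fetch) {
  const origin = normalizeInstance(instance);
  if (!(await isLemmyInstance(origin, fetchImpl))) throw new Error('not a Lemmy instance');
  const res = await fetchImpl(`${origin}/api/v3/user/login`, {
    method: 'POST', redirect: 'error',
    headers: { 'content-type': 'application/json' },
    body: JSON.stringify({ username_or_email: usernameOrEmail, password }),
  });
  const body = res.ok ? await res.json() : {};
  if (typeof body.jwt !== 'string') throw new Error('login rejected');
  return sessionCookie(body.jwt);
}
```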
We’ve had a few of these built on my planet too actually
Ah crap I got another account there, I guess I’m cheering from both lol
It should work regardless, but Lemmy often requires an external community to be searched explicitly on an instance before it shows up and starts synchronizing content. I’d be curious if it works after searching for [email protected] (or whatever the community is)
That looks great, I’m just lurking here and have never built one myself but I bet it’s super rewarding!
I think it’s incredible, just needs some more love from users and developers to get it to a stable place. It truly feels like something we’ve all built together. I think the pros outweigh the cons by far
I went from React → Vue → Svelte
Svelte/SvelteKit is just so simple to use and feels closer to vanilla JS/HTML/CSS that I find myself missing it when I use the others. SvelteKit supports SSR, so if you’d like you can build out your whole backend API as well.
Svelte has an awesome interactive tutorial you can jump into right away
Come hang out at [email protected] if you have any questions!
silas
Thanks for pointing that out—looks like they’re working on a Server Suite. I’d guess that they try to monetize that but leave the personal desktop version free