While @nutomic@lemmy.ml and I do have a lot of issues that are going to take us a lot of time this upcoming year, its still useful for us to hear what your most desired features for Lemmy are, and prioritize them.
If they’re smaller, we could get to them fairly quickly, or others wanting to contribute could see whats most wanted.
Outside of just posting them here, make sure github issues exist for them (this is what we work from), and do a thumbs up react for all the ones you’d like. Despite being a popular project, we have very few people voting on these issues . We can then use the link above (issues sorted by most thumbs up ), to keep track.
Thanks all.
maybe more privacy features, like offering an invidious link when someone posts youtube, nitter for twitter, stuff like that
We could add helpers in the ui, like the one we have on the create post page for using an archive link. But overall I’d like a link aggregator to remain mostly agnostic about the links being posted ( we also do remove some tracking / utm params tho ).
The other thing is there are many of these 3rd party viewers, and they go down quite often and leave dead links. We’d use it if someone made a rust or js library for it tho.
For the case of Invidious, a redirector exists at https://redirect.invidious.io/ which could be used as intermediate point in this case.
mostly agnostic about the links being posted
I would like if people wanting to get content without executing nonfree stuff or privacy/security aware could have it easy and not just be the second-class citizens everywhere.
Other way to address this could be redirecting the people who post to these software and services to provide these links instead of being solely done by Lemmy. In this way, the person who post is the one who must solve the problem.
Oh wow, I would love this. I agree, it would be mighty convenient.
I’ll make a issue later but front page sort options should be cached in local storage so that if I click comments on a thread and comeback I don’t have to reset my filters.
It’s not that big of a deal, but I’d love to see a redesign on the main page’s community related sidebars. Both of them feel really clunky the way they are now, having them come one after the other instead of in a vertical list, and with no way to order the ones you are subscribed into alphabetical order instead of popularity order.
The way Reddit does the trending communities in its redesign look pretty good, and the way old Reddit orders the subreddits you joined in the top bar is also nice, something at least inspired on that would be really good.
Also a redesign on the top bar (when the page is taking less than half of the screen) should be at least in the priority list, it’s the one aspect of the site that looks REALLY bad.
The ability to tag posts (what are called “flairs” on reddit)
user defined lists of communities for viewing as a feed
Mirroring the UI layout for RTL languages
Do RTL languages even work properly in lemmy, is there an instance using a RTL language?
There are millions of RTL language users (arabic is very popular), some (almost all?) living in dictatorships and might appreciate having control of the data (They might fear big tech will collaborate with these governments and give them information about pro democracy activities).
Er not so sure what you’re talking about, but if you’re on the lemmy.ml website you can click “settings” and choose Arabic and Persian already.
have you tried writing a sentence in a RTL language?
I tried in mine, the dot at the end of the sentence is at the wrong side of the text ,it’s at the right side, it should be on the left. (atleast that’s what it shows in the preview, I prefer not to give extra information about myself like what kind of language i use).
I just would want the option to view pages as lightweight, static html with low or no JavaScript, even if it means pages are not interactable.
I also think it would be nice if there were additional themes, and that the things fundamentally rethought how much white space was put all over the place. There’s so much potential with the things, but I genuinely just don’t think they are reaching their potential right now.
I see what you mean with theming. Making it easier to change themes easily makes the experience better for those of use who want it just right in a different way. But as to defaults, I don’t dislike Lemmy’s design at all. Though I get the desire for flexibility.
Lemmy UI works with javascript disabled, but you can only read things, everything else doesn’t work.
I’d really love to see an option that’s closer to old reddit or Tildes.net or something, I always feel a little alienated by the design as it is now.
Client Oauth2/OIDC login and account creation (“federated auth”) would be nice for people self-hosting Lemmy and trying to integrate with other services.
Server side OIDC (like Mastodon has) or app auth tokens would be nice in for using 3rd party clients.
Adding onto this, IndieAuth looks like a good solution in that department.
Improvements on federation with Mastodon, etc. Right now posts on Mastodon have as author the user post, nor the community (but you are following lemmy communities, not users, because it is not possible follow users). So, when any Mastodon user want to follow these “new source” and follow the user of the tooth, nothing happens. And he is unable to follow the community! A furst workarround should be add a bottom line on the tooth like "follow this community at community_name@lemmy_instance.tdl "
Human readable URLs! The URL is a very important part of a site’s user interface, and lemmy’s URLs currently just have a post number - there is no title, or even the name of the sub-community. Compare this to reddit: when I paste a friend a reddit URL in chat they get two hints about what it is about: the subreddit name, and the post’s title, both embedded in the URL itself. This lets them decide if they want to click it now, or later, or never, or to recognize if they’ve already seen it. Lemmy links should be like that.
good idea
Include a Replies Collection via Page json, so that Mastodon & other #ActivityPub software can know about all the replies each Lemmy post has
Could you open up a github issue for this one.
The option to set a global default theme for the ui
I would be happy to see client-side password hashing implemented.
I understand that responsibility of using unique passwords falls on the user, and maybe a truly malicious instance would be able to remove the hashing (although I think that it would be possible to check if non-hashed passwords leave the client). However, the reality is that many people still re-use their password for many websites and do not use 2FA when not required. Password hashing would reduce the level of trust required of the instance makers.
On a similar vein, it would be nice to anonymize the ip addresses that are printed to the docker logs if possible, similar to the nginx logs. I think that this would be easier to undo for a malicious instance, but at least they would need to have a bit more technical knowledge to get to this information.
The back-end already does password hashing using bcrypt.
This protects the database from a breach, but someone can set up an instance and collect the passwords from the logs:
As far as I can tell with my very limited experience, back-end encryption is the standard. One trusts the host not to steal their passwords from the logs, so protecting the data in the case of a breach is good enough. I think that it would make sense for the standard in the Fediverse to be different. Passwords should be encrypted by the client by default, and then re-hashed back-end.
It is also possible that what I am saying does not make sense in practical grounds - this is just something that surprised me while looking through the logs. I was under the wrong impression that plain text passwords were never accessible before looking into this topic.
We’ve recently removed that logging line, which logged all websocket requests. But yes most importantly, the database stores no plaintext passwords.
You don’t want to client side hash passwords before sending, because different clients might not do it the same way. But also we have to add oauth at some point, so 3rd party clients don’t even have to know your pass. This is less important with open source apps imo, which are the only ones we’re gonna link to anyway, but it’d be nice to have.
Client-side hashing doesn’t really do much. It just makes your hashed password the effective password. The only advantage it provides is some defense against password reuse because the “source” password is hard to discover. However you shouldn’t be reusing passwords anyways so that shouldn’t matter.
An actual improvement would be using something a PAKE like SRP or OPAQUE. This way the server never learns enough information to authenticate as you.
A major downside of these systems is that because they aren’t natively supported by browsers they require javascript. But that probably isn’t a major issue because IIUC all interactivity on the webui requires JS anyways.
Sorting/scoring of posts and comments based on votes from users that I trust or users with similar voting pattern to mine.
In the raw install docs I would like:
- OpenRC or SysVInit service examples
- Apache HTTPD configuration example
- Adapt the Certbot script as it is being ran as a general distribution when the fact is that Debian-based distros already provide Nginx and Apache HTTPD plugins (which makes it easy to configure through the TUI) and it is being ran as a cronjob by default at
/etc/cron.d/certbot
