There are all kinds of fun stuff in the Piefed code. Allow me to dredge up a comment I made recently:
@edie@lemmy.encryptionin.space was looking at PieFed code the other week, and I ended up taking a look at it too. Its great fun to sneak a peak at.
For example, you cannot cast a vote on PieFed if you’ve made 0 replies, 0 posts, AND your username is 8 characters long:
defcannot_vote(self):
ifself.is_local():
returnFalsereturnself.post_count == 0andself.post_reply_count == 0andlen(
self.user_name) == 8# most vote manipulation bots have 8 character user names and never post any content
If a reply is created, from anywhere, that only contains the word “this”, the comment is dropped (CW: ableism in the function name):
Every user (remote or local) has an “attitude” which is calculated as follows: (upvotes cast - downvotes cast) / (upvotes + downvotes). If your “attitude” is < 0.0 you can’t downvote.
Every account has a Social Credit Score, aka your Reputation. If your account has less than 100 reputation and is newly created, you are not considered “trustworthy” and there are limitations placed on what your account can do. Your reputation is calculated as upvotes earned - downvotes earned aka Reddit Karma. If your reputation is at -10 you also cannot downvote, and you can’t create new DMs. It also flags your account automatically if your reputation is to low:
PieFed boasts that it has “4chan image detection”. Let’s see how that works in practice:
if site.enable_chan_image_filter:
# Do not allow fascist meme contenttry:
if'.avif'in uploaded_file.filename:
import pillow_avif # NOQA
image_text = pytesseract.image_to_string(Image.open(BytesIO(uploaded_file.read())).convert('L'))
except FileNotFoundError:
image_text = ''except UnidentifiedImageError:
image_text = ''if'Anonymous'in image_text and (
'No.'in image_text or' N0'in image_text): # chan posts usually contain the text 'Anonymous' and ' No.12345'self.image_file.errors.append(
"This image is an invalid file type.") # deliberately misleading error message
current_user.reputation -= 1
db.session.commit()
returnFalse
Yup. If your image contains the word Anonymous, and contains the text No. or N0 it will reject the image with a fake error message. Not only does it give you a fake error, but it also will dock your Social Credit Score. Take note of the current_user.reputation -= 1
PieFed also boasts that it has AI generated text detection. Let’s see how that also works in practice:
# LLM Detectionif reply.body and'—'in reply.body and user.created_very_recently():
# usage of em-dash is highly suspect.from app.utils import notify_admin
# notify admin
This is the default detection, apparently you can use an API endpoint for that detection as well apparently, but it’s not documented anywhere but within the code.
Do you want to leave a comment that is just a funny gif? No you don’t. Not on PieFed, that will get your comment dropped and lower your Social Credit Score!
if reply_is_just_link_to_gif_reaction(reply.body) and site.enable_gif_reply_rep_decrease:
user.reputation -= 1
raise PostReplyValidationError(_('Gif comment ignored'))
How does it know its just a gif though?
defreply_is_just_link_to_gif_reaction(body) -> bool:
tmp_body = body.strip()
if tmp_body.startswith('https://media.tenor.com/') or \
tmp_body.startswith('https://media1.tenor.com/') or \
tmp_body.startswith('https://media2.tenor.com/') or \
tmp_body.startswith('https://media3.tenor.com/') or \
tmp_body.startswith('https://i.giphy.com/') or \
tmp_body.startswith('https://i.imgflip.com/') or \
tmp_body.startswith('https://media1.giphy.com/') or \
tmp_body.startswith('https://media2.giphy.com/') or \
tmp_body.startswith('https://media3.giphy.com/') or \
tmp_body.startswith('https://media4.giphy.com/'):
returnTrueelse:
returnFalse
I’m not even sure someone would actually drop a link like this directly into a comment. It’s not even taking into consideration whether those URLs are part of a markdown image tag.
I then made a comment from my lemmy.ml account, and replied to it from my piefed.zip account, and neither .social, nor europe.pub can see my .zip reply, but can see my lemmy.ml comment!
[ Let me add more clarity here: what this feature does is two things. On a local instance, if you block someone who is on your instance, they cannot reply to you. However, this condition is not federated (yet, it would seem), and so, to get around this “issue”, the system will drop comments from being stored in the PieFed database IF the blocked user is remote. This means you end up with “ghost comment chains” on remote instances. There is NEW code as of a few weeks ago, that will send an AUTOMATED mod action against blocked remote users to remove the comment. So long as the community is a local PieFed community, it will federate that mod action to the remote server, removing the comment automatically. For PieFed servers, eventually, they would rather federate the users block list (that’s fair), but it would seem this code to send automated mod actions to remove comments due to user blocks is going to stay just for the Lemmy Piefed interaction. I don’t really understand why the system simply doesn’t prevent the rendering of the comment, instead of stopping it from being stored. It knows the user is blocked, it already checks it, it should then just stop rendering the chain of comments for the given user, prevent notifications from those users, etc. ]
Moderators of a community can kick you from a community, which unsubscribes you from it, and does not notify you. This has been removed actually, the API endpoint is still there.
I was going to say that Admins had the ability to add a weight to votes coming from other instances, but the videos that showed this are now gone, and as of v1.5.0 they have removed the instance vote weight feature, claiming it was “unused”.
All this to say. Piefed is a silly place, and no one should bother using its software.
Wow, thanks for posting this. I actually considered switching to PieFed because people say a lot of good things about it but now I know I won’t. I can’t treat codebase like this seriously.
It is worth noting that almost all of these can be disabled by admins (https://anarchist.nexus/ has them disabled mostly iirc). Piefed has a lot of good features still.
Piefed has code to explicitly fuck over Sxan or what’s their name, by replacing the thorn character with ‘th’. Meaning you can’t properly cite Old English, Old Norse, or modern Icelandic on Piefed. But of course, “Lemmy is the authoritarian communist platform”.
Piefed’s code also reeks of a recent college graduate, being a stream of consciousness with almost no comments. Meanwhile the most known, and seemingly most active dev claims twenty-five years of experience, making one wonder if they learned anything in that time (or if they count from when they’ve typed up some Logo at three years old).
Ostensibly they do it to interfere with AI scraping social media comments, but of course it does nothing but make their comments more difficult to read.
Ok. But other people can think about their doings in advance and foresee the consequences. Piefed’s development is not how a mature person with ‘twenty-five years of experience’ makes open-source software.
Sure, but there is a difference between a hacked together solution being removed as the community expanded, and coding in a petty gripe with a particular user.
lol hardcoded shit everywhere. that codebase is so bad it’s entertaining. you should make a standalone post about this here and crosspost to !programming_horror@programming.dev
It’s open source. Why not? People who want a configuration menu can create a patch.
Downvoters, do you have an argument? What is it but entitlement to demand that free open source software should be written differently from what the programmer wants?
Every user (remote or local) has an “attitude” which is calculated as follows: `(upvotes cast - downvotes cast) / (upvotes + downvotes)`. If your “attitude” is < 0.0 you can’t downvote.
This pains me because it is functionally equivalent to
For example, you cannot cast a vote on PieFed if you’ve made 0 replies, 0 posts, AND your username is 8 characters long:
I don’t see a problem here. This is oddly specific, but it’s rooted in anti-downvoting spam.
If a reply is created, from anywhere, that only contains the word “this”, the comment is dropped (CW: ableism in the function name):
There is a setting to turn that on or off at https://piefed.social/admin/misc, “Filter out comments that are simply a form of this”
Every account has a Social Credit Score, aka your Reputation. If your account has less than 100 reputation and is newly created, you are not considered “trustworthy” and there are limitations placed on what your account can do. Your reputation is calculated as upvotes earned - downvotes earned aka Reddit Karma. If your reputation is at -10 you also cannot downvote, and you can’t create new DMs. It also flags your account automatically if your reputation is to low:
I don’t see why this is so inherently onerous to you in principle. Trolls/spammers etc are serious problems on sites like Lemmy and Piefed. If you’re a new account and you’ve managed to get -100 reputation that quickly, it’s not a good sign. If and as the Fediverse grows, instance owners are going to need more observation tools to catch this type of stuff.
This is the default detection, apparently you can use an API endpoint for that detection as well apparently, but it’s not documented anywhere but within the code.
The AI detection is going to be poor. But I’ve seen a lot of AI posters right now caught through this. use of the em-dash is very much a sign, unfortunately. It doesn’t ban them by the way. It just flags new accounts doing it to admins.
As Edie mentioned, if someone has a user blocked, and that user replies to someone, their comment is dropped:
If every instance was Piefed, you simply wouldn’t be able to reply to anyone who has blocked you. “Reply” is essentially faded out. The difference is that Lemmy doesn’t implement the block function in the same way, so Piefed just throws out replies by blocked users to the person who has blocked them coming from Lemmy. That’s the mismatch at play here.
If you can somehow still reply via a Piefed instance, it is bugged and not working as intended.
This can be turned off. It also defederates from hilariouschaos and others.
And no, it does not defederate from lemmy.ml out of the box. You are completely misunderstanding that code. I have already addressed this here.
"Alright, it doesn’t do any defederation, this function just controls what the api reports. It will list which of those four instances the instance is defederated from but that doesn’t look like it is actually used anywhere to do something…let me grab you links here is where piefed digests this api endpoint to populate the instance_chooser table, and the defed_list field isn’t actually used at all
Moderators of a community can kick you from a community, which unsubscribes you from it, and does not notify you. This has been removed actually, the API endpoint is still there.
It has been scrubbed, but it also never really functioned in the first place.
I know the blocking stuff is actively being worked on as we aren’t happy with it yet. However, that is an issue where it would be literally impossible for every user to be happy with whatever end state it results in. That is an area where the different software platforms can offer people different experiences so that they can seek out the type of experience they are looking for.
Almost everything else you listed here can be turned on/off by an admin. I didn’t know about the 8-character username thing, probably worth revisiting that. The downvotes being disabled with low attitude is one I don’t see being removed, but could be an admin-set threshold (or disabled) in a future version. In fact, I suspect that the formula was written this way to make the threshold more well bounded instead of a simple up - down calculation.
Was wondering what those red exclamations were on some piefed users. Also surprising that I see them using a Lemmy client on a Lemmy instance, but can’t click on them to see what they mean, as highlighted here.
If you are seeing those on lemmy or in a different client than the web ui, that would have to be something else. The red triangles don’t federate at all, nor are they in the api, they are just based on the local content of a user on that instance.
There are all kinds of fun stuff in the Piefed code. Allow me to dredge up a comment I made recently:
@edie@lemmy.encryptionin.space was looking at PieFed code the other week, and I ended up taking a look at it too. Its great fun to sneak a peak at.
For example, you cannot cast a vote on PieFed if you’ve made 0 replies, 0 posts, AND your username is 8 characters long:
def cannot_vote(self): if self.is_local(): return False return self.post_count == 0 and self.post_reply_count == 0 and len( self.user_name) == 8 # most vote manipulation bots have 8 character user names and never post any contentIf a reply is created, from anywhere, that only contains the word “this”, the comment is dropped (CW: ableism in the function name):
def reply_is_stupid(body) -> bool: lower_body = body.lower().strip() if lower_body == 'this' or lower_body == 'this.' or lower_body == 'this!': return True return FalseEvery user (remote or local) has an “attitude” which is calculated as follows:
(upvotes cast - downvotes cast) / (upvotes + downvotes). If your “attitude” is < 0.0 you can’t downvote.Every account has a Social Credit Score, aka your Reputation. If your account has less than 100 reputation and is newly created, you are not considered “trustworthy” and there are limitations placed on what your account can do. Your reputation is calculated as
upvotes earned - downvotes earnedaka Reddit Karma. If your reputation is at -10 you also cannot downvote, and you can’t create new DMs. It also flags your account automatically if your reputation is to low:PieFed boasts that it has “4chan image detection”. Let’s see how that works in practice:
if site.enable_chan_image_filter: # Do not allow fascist meme content try: if '.avif' in uploaded_file.filename: import pillow_avif # NOQA image_text = pytesseract.image_to_string(Image.open(BytesIO(uploaded_file.read())).convert('L')) except FileNotFoundError: image_text = '' except UnidentifiedImageError: image_text = '' if 'Anonymous' in image_text and ( 'No.' in image_text or ' N0' in image_text): # chan posts usually contain the text 'Anonymous' and ' No.12345' self.image_file.errors.append( "This image is an invalid file type.") # deliberately misleading error message current_user.reputation -= 1 db.session.commit() return FalseYup. If your image contains the word
Anonymous, and contains the textNo.orN0it will reject the image with a fake error message. Not only does it give you a fake error, but it also will dock your Social Credit Score. Take note of thecurrent_user.reputation -= 1PieFed also boasts that it has AI generated text detection. Let’s see how that also works in practice:
# LLM Detection if reply.body and '—' in reply.body and user.created_very_recently(): # usage of em-dash is highly suspect. from app.utils import notify_admin # notify adminThis is the default detection, apparently you can use an API endpoint for that detection as well apparently, but it’s not documented anywhere but within the code.
Do you want to leave a comment that is just a funny gif? No you don’t. Not on PieFed, that will get your comment dropped and lower your Social Credit Score!
if reply_is_just_link_to_gif_reaction(reply.body) and site.enable_gif_reply_rep_decrease: user.reputation -= 1 raise PostReplyValidationError(_('Gif comment ignored'))How does it know its just a gif though?
def reply_is_just_link_to_gif_reaction(body) -> bool: tmp_body = body.strip() if tmp_body.startswith('https://media.tenor.com/') or \ tmp_body.startswith('https://media1.tenor.com/') or \ tmp_body.startswith('https://media2.tenor.com/') or \ tmp_body.startswith('https://media3.tenor.com/') or \ tmp_body.startswith('https://i.giphy.com/') or \ tmp_body.startswith('https://i.imgflip.com/') or \ tmp_body.startswith('https://media1.giphy.com/') or \ tmp_body.startswith('https://media2.giphy.com/') or \ tmp_body.startswith('https://media3.giphy.com/') or \ tmp_body.startswith('https://media4.giphy.com/'): return True else: return FalseI’m not even sure someone would actually drop a link like this directly into a comment. It’s not even taking into consideration whether those URLs are part of a markdown image tag.
As Edie mentioned, if someone has a user blocked, and that user replies to someone, their comment is dropped:
if parent_comment.author.has_blocked_user(user.id) or parent_comment.author.has_blocked_instance(user.instance_id): log_incoming_ap(id, APLOG_CREATE, APLOG_FAILURE, saved_json, 'Parent comment author blocked replier') return NoneFor Example:
(see Edies original comment here)
More from Edie:
Also add if the poster has blocked you! It is exactly as nonsense as you think.
Example:
I made a post in testing@piefed.social from my account testingpiefed@piefed.social, replied to it from my other testingpiefed@piefed.zip account. Since the .social account has blocked the .zip, it doesn’t show up on .social, nor on e.g. piefed.europe.pub.
I then made a comment from my lemmy.ml account, and replied to it from my piefed.zip account, and neither .social, nor europe.pub can see my .zip reply, but can see my lemmy.ml comment!
[ Let me add more clarity here: what this feature does is two things. On a local instance, if you block someone who is on your instance, they cannot reply to you. However, this condition is not federated (yet, it would seem), and so, to get around this “issue”, the system will drop comments from being stored in the PieFed database IF the blocked user is remote. This means you end up with “ghost comment chains” on remote instances. There is NEW code as of a few weeks ago, that will send an AUTOMATED mod action against blocked remote users to remove the comment. So long as the community is a local PieFed community, it will federate that mod action to the remote server, removing the comment automatically. For PieFed servers, eventually, they would rather federate the users block list (that’s fair), but it would seem this code to send automated mod actions to remove comments due to user blocks is going to stay just for the Lemmy Piefed interaction. I don’t really understand why the system simply doesn’t prevent the rendering of the comment, instead of stopping it from being stored. It knows the user is blocked, it already checks it, it should then just stop rendering the chain of comments for the given user, prevent notifications from those users, etc. ]
But wait! There’s More!
Moderators of a community can kick you from a community, which unsubscribes you from it, and does not notify you.This has been removed actually, the API endpoint is still there.All this to say. Piefed is a silly place, and no one should bother using its software.
Wow, thanks for posting this. I actually considered switching to PieFed because people say a lot of good things about it but now I know I won’t. I can’t treat codebase like this seriously.
Same, this is good to know. This level of auto-policing comments is excessive.
It is worth noting that almost all of these can be disabled by admins (https://anarchist.nexus/ has them disabled mostly iirc). Piefed has a lot of good features still.
Wow, great post. I was mildly annoyed by all the piefed shenanigans from non compliance with activitypub but this really is quite eye opening
I appreciate only the thought behind blocking “this” as a response
How much would Piefed hate this image?
This
Looks like Piefed really is Lemmy with SpezTools.
Stupid isn’t ableist you 2014 tumblrina.
le librul destroyed epic style
Very epic insult! Next you’ll tell me gamergate is actually about ethics in journalism
Ganergate is actually about the gamer gator Vector.
Calling people or ideas ‘stupid’ is ableist because it treats cognitive disability as an insult
Piefed has code to explicitly fuck over Sxan or what’s their name, by replacing the thorn character with ‘th’. Meaning you can’t properly cite Old English, Old Norse, or modern Icelandic on Piefed. But of course, “Lemmy is the authoritarian communist platform”.
Piefed’s code also reeks of a recent college graduate, being a stream of consciousness with almost no comments. Meanwhile the most known, and seemingly most active dev claims twenty-five years of experience, making one wonder if they learned anything in that time (or if they count from when they’ve typed up some Logo at three years old).
I’ve been wondering, what’s the deal with that Sxan guy’s spelling?
They say that it’s a bid to contaminate AI data collection, but it really just reads like more of a cry for attention
Ostensibly they do it to interfere with AI scraping social media comments, but of course it does nothing but make their comments more difficult to read.
This has been removed
Ok. But other people can think about their doings in advance and foresee the consequences. Piefed’s development is not how a mature person with ‘twenty-five years of experience’ makes open-source software.
Lemmy recently removed a feature using lemmy.ml as a source of truth for federated communities: https://lemmy.ml/comment/23400094
All Fediverse developers make mistakes.
Sure, but there is a difference between a hacked together solution being removed as the community expanded, and coding in a petty gripe with a particular user.
That feature was part of the development version, and never meant to be included in any official release.
lol hardcoded shit everywhere. that codebase is so bad it’s entertaining. you should make a standalone post about this here and crosspost to !programming_horror@programming.dev
It’s open source. Why not? People who want a configuration menu can create a patch.
Downvoters, do you have an argument? What is it but entitlement to demand that free open source software should be written differently from what the programmer wants?
This pains me because it is functionally equivalent to
I don’t see a problem here. This is oddly specific, but it’s rooted in anti-downvoting spam.
There is a setting to turn that on or off at https://piefed.social/admin/misc, “Filter out comments that are simply a form of this”
I don’t see why this is so inherently onerous to you in principle. Trolls/spammers etc are serious problems on sites like Lemmy and Piefed. If you’re a new account and you’ve managed to get -100 reputation that quickly, it’s not a good sign. If and as the Fediverse grows, instance owners are going to need more observation tools to catch this type of stuff.
The AI detection is going to be poor. But I’ve seen a lot of AI posters right now caught through this. use of the em-dash is very much a sign, unfortunately. It doesn’t ban them by the way. It just flags new accounts doing it to admins.
If every instance was Piefed, you simply wouldn’t be able to reply to anyone who has blocked you. “Reply” is essentially faded out. The difference is that Lemmy doesn’t implement the block function in the same way, so Piefed just throws out replies by blocked users to the person who has blocked them coming from Lemmy. That’s the mismatch at play here.
If you can somehow still reply via a Piefed instance, it is bugged and not working as intended.
This can be turned off. It also defederates from hilariouschaos and others.
And no, it does not defederate from lemmy.ml out of the box. You are completely misunderstanding that code. I have already addressed this here.
"Alright, it doesn’t do any defederation, this function just controls what the api reports. It will list which of those four instances the instance is defederated from but that doesn’t look like it is actually used anywhere to do something…let me grab you links here is where piefed digests this api endpoint to populate the instance_chooser table, and the defed_list field isn’t actually used at all
It has been scrubbed, but it also never really functioned in the first place.
not if both upvotes and downvotes are zero ❗️
If 0/0 < 0 would error?
If 0 < 0 evaluates false
That makes it even worse???
Phew, well thank goodness all the users are safe from authoritarian red fascist code!
I know the blocking stuff is actively being worked on as we aren’t happy with it yet. However, that is an issue where it would be literally impossible for every user to be happy with whatever end state it results in. That is an area where the different software platforms can offer people different experiences so that they can seek out the type of experience they are looking for.
Almost everything else you listed here can be turned on/off by an admin. I didn’t know about the 8-character username thing, probably worth revisiting that. The downvotes being disabled with low attitude is one I don’t see being removed, but could be an admin-set threshold (or disabled) in a future version. In fact, I suspect that the formula was written this way to make the threshold more well bounded instead of a simple up - down calculation.
Was wondering what those red exclamations were on some piefed users. Also surprising that I see them using a Lemmy client on a Lemmy instance, but can’t click on them to see what they mean, as highlighted here.
If you are seeing those on lemmy or in a different client than the web ui, that would have to be something else. The red triangles don’t federate at all, nor are they in the api, they are just based on the local content of a user on that instance.
Are you on the web client, or using an app?