This is so ironic, considering that linking to other websites used to be reddit’s entire point.

Then I will setup nginx to forward those headers to mlmym

If you configure it to set X-Forwarded-For, you should have at least that information now already.

I actually thought it was making a https connection to Lemmy but perhaps it doesn’t

That depends on the setup. If you haven’t already, you should definitely set LEMMY_INTERNAL_URL so that mlmym connects to lemmy directly without TLS or a reverse proxy, which should be a lot faster (but that’s only possible if they’re running on the same machine, of course).

X-Forwarded-Proto is supposed to say what protocol the user (of mlmym) originally connected with though, right? Which will still end up being https in the common case of it being behind a reverse proxy that does TLS.

I have some handling for X-Forwarded-For, but none of the others. This could actually explain why I was still seeing rate limit errors despite not having made many requests from my IP address.

I’m unfortunately busy this week, but I hope I can still find some time in the next few days to implement this.

headers.set("x-forwarded-proto", request.headers.get("x-forwarded-proto") ?? "https");

Shouldn’t that fallback be http, since mlmym doesn’t do HTTPS itself? And I assume the reverse proxy will have set X-Forwarded-Proto to https.

You said it only appears sometimes and it fixes itself on refreshes, right? I think that would rule out a mistake in the templates somewhere (which would’ve meant that it’s consistently failing on some pages).

I wonder what the HTML output looks like when you can reproduce it. Do the <a> elements for the links not get output at all (more likely) or are they hidden somehow?

I’m not really sure on why this would happen, to be honest.

hmm now comment scores aren’t showing lmao. maybe there’s something wrong with my browser?.. seems like something’s buggy…

That looks like you have “show scores” disabled in the preferences? Can’t think of any other reason they wouldn’t be showing like this.

Also, if you’re wondering about the “also show on comments” option for upvote/downvote totals, I found that too distracting to show on every comment, so that extra information is only shown when there are actually both upvotes and downvotes.

Hm, it’s working on my instance. I did change it to only make the search request for top communities once and cache it, so maybe that happened to run into an error and it’s not trying again?

Running it locally on lemmy.today, it does seem to be working. I don’t have an account here, unfortunately, so I can’t test whether the “my communities” dropdown works too, but I don’t see why it shouldn’t.

Hello! I’m the person who made that fork.

If it does get set up here and you have any questions or run into any issues (which could very well happen, as I’ve done some major refactors), feel free to contact me, either by email at mlmym@mschae23.de or in the #mlmym:mschae23.de matrix room.

You can also try it out already at discuss.mschae23.de (only logged-out here, of course, which doesn’t give you all options) or by running it up locally with LEMMY_DOMAIN set to lemmy.today.

I’d also recommend enabling some of the options instance-wide by default, especially SHOW_UNREAD_COMMENTS (this one has been really useful for me).

GDPR wasn’t what introduced cookie banners, that was the ePrivacy directive which came before the GDPR. Either way, I’d argue cookie banners are an act of malicious compliance with both of these, as I’m pretty sure they were intended to reduce usage of tracking / analytics / other non-required cookies altogether. The annoying banners are, in my opinion, an effort to make people angry at the EU instead of the ad companies.

As far as I know (and I’m not 100 % sure), no. You don’t even need to inform users that you use functional cookies. Most likely because these work for the person using your website, not against them (persisting the session, settings, and so on).

I was just being pedantic and corrected what is meant by the term “free software”, not actually arguing for or against what you were saying :)

Yes, of course, a project being paid will mean that a lot fewer people will actually use it. I wouldn’t say nobody, though. As an example, there’s the DeArrow browser addon which is free, but costs $1 once (with easy ways to circumvent that payment). Yet many people have paid for it anyway.

As for curl, the article says that the 23 sponsors you mentioned are only corporate sponsors. There are hundreds of people donating to the curl project, which is probably still unreasonably low, but not as dire as “only 23” would suggest. Obviously each of these donates a much lower amount, so it may still not amount to much (but I don’t know enough to say that).

But in the end, as I said, you’re probably mostly right, there would be very few users of free software if it was paid. Although there are also lots of users of proprietary paid software, so who knows.

The “free” in FOSS does not mean price.

That makes it sound like I made this (I didn’t), but I’m just posting animated videos I find :)

Agreed on what you’re saying though!

The GPL licenses were all written by the free software foundation for the GNU project. But that doesn’t make it less worthwhile to contribute to this cause, too :)

1. Probably wouldn’t hurt to set them up, especially if you don’t have a static prefix. The good thing is that interfaces can have multiple IPv6 addresses, so they can use both the public address and the ULA.
2. SLAAC should always be enough. Make sure you don’t block the ICMP6 messages it needs though (I’ve been bitten by that once, firewalld behaves weirdly around this).

Sad to see the button died overnight, but it was really fun again, despite me not knowing much about Star wars. Thank you for making this!

Couldn’t join the green faction this time because they were so far ahead, so I ended up joining the red team instead (and somehow even got elected as senator). Honestly didn’t know you could have multiple button presses at the same time, my extra senator press also locked the main button for some reason (maybe that was a bug?), but at least I got to press the button at some point!

I was still there to see the first crow facts, but it looks like I missed the cult being formed and crow reactions getting added and all that.

But yeah, everyone was nice as always, which made it great to be part of the game even when the button couldn’t be pressed. Looking forward to the next iteration, if there will be one :)

Das „free“ in „free and open source“ hat tatsächlich wie bei „open source“ nichts mit dem Preis zu tun, sondern steht für freie Software.

Falls allerdings für die bezahlten Funktionen nicht ebenfalls der Quellcode veröffentlicht und Modifikationen und Vebreitung erlaubt werden (was möglich ist!), wäre es weder frei noch open source.

Could use subdomains to specify it further, like v4.bysa.cc for all CC BY-SA 4.0 works

https://www.der-postillon.com/2026/04/signal-phishing.html :)

What makes you say that? As far as I can tell, the only actual downside of it is having to type longer addresses sometimes, but one should really just use the DNS for that. And a bigger address space was needed. Everything else seems better or at least simpler. Autoconfiguration (SLAAC), only one loopback address (which is shorter than any of IPv4’s loopback addresses), subnetting, no need for NAT, proper support for multiple addresses per interface…

In practice, most problems with IPv6 probably just come from bad support for it in software. That means they should be improved, not that IPv6 was a failure. Also check that you’re not blocking ICMP6 traffic in a firewall or similar (or at least allow the things SLAAC and neighbor discovery need).

If they manage to show it in a theatre in my region (Germany), I would definitely try getting tickets for that too.

I’d probably try to get a few people together who I know would want to watch it and end up being too slow, to be honest…