Meta (lemmy.one)

3 readers
1 users here now

A place to discuss or ask anything about lemmy.one's instance or moderation.

For discussion about Lemmy (the software) itself, visit !lemmy@lemmy.ml

founded 1 year ago
MODERATORS
1
 
 

The full changelog has been linked if you are interested, but I want to call out an important update (emphasis mine):

Previously 2FA was enabled in a single step which made it easy to lock yourself out. This is now fixed by using a two-step process, where the secret is generated first, and then 2FA is enabled by entering a valid 2FA token. It also fixes the problem where 2FA can be disabled without passing any 2FA token. As part of this change, 2FA is disabled for all users. This allows users who are locked out to get into their account again.

Probably not the way I would've handled it, but it's ok. Please re-enable 2FA on your account as soon as possible :)

2
 
 

i am getting this error when trying to upload an image (web and voyager client).

anybody having the same problem?

{"data":{"error":"unknown","message":"Request error: error sending request for url (http://pictrs:8080/image): error trying to connect: tcp connect error: Connection refused (os error 111)"},"state":"success"}

3
10
submitted 3 months ago* (last edited 3 months ago) by Melody@lemmy.one to c/meta@lemmy.one
 
 

This post is currently a test and will be promptly deleted if it successfully posts without an unnecessary login prompt.

4
 
 

Hello everyone,

Sorry if I may sound rude, but I'm trying to see if this instance is still actively managed.

I know a few weeks ago I asked about the update to 0.19.3, and it happened shortly after, so I guess Jonah still keeps an eye on here.

My questions are:

  1. Is there a backup admin in addition to Jonah?
  2. All of the moderators of !privacyguides@lemmy.one besides Jonah haven't been active for several months, is the community still moderated?

For the context, due to some issues with the lemmy.ml moderations practices (https://lemmy.one/post/15387031), some people were looking for an alternative to !privacy@lemmy.ml.

!privacyguides@lemmy.one seems like a nice option, but raised also the questions above.

Thank you again.

5
 
 

Scroll through Local here and you will see. Communities and users that are local to this Lemmy.one have a black box for a photo. Viewing the profile/community from another instance displays the black box as well. It seems that users who have not set a custom profile picture just have a default Lemmy lemur icon, and that displays just fine.

If I try to upload a new profile photo, I get the following error:

Request error: error sending request for url (http://pictrs:8080/image): error trying to connect: tcp connect error: Connection refused (os error 111)

6
 
 

Hello,

Basically, the question is in the title. Just curious as lemmy.one is the second biggest instance still on 19.2: https://fedidb.org/software/lemmy?version=0.19.2

7
 
 

Hey one-lemmings! I'm looking for a home instance for a sister community to !testfediverse@jlai.lu. According to fedipact.veganism.social, you are federated to threads.net and that's what I'm looking for.

The goal of this community is to be place where you can try to post thing across the different software of the fediverse. Posts in all languages will be accepted but the main language would be french as it is the one in which I can moderate the most confidently.

Is this the right place to open my community? And is there other rules I should be aware of?

Thank you

8
 
 

I don't know if it's instance wide or if each instance I've interacted with has this set. However I seem unable to downvote posts and comments.

9
2
submitted 11 months ago* (last edited 11 months ago) by empireOfLove@lemmy.one to c/meta@lemmy.one
 
 

lemmy.one was a great start for me into the fediverse, but the time has come to move on. It's become apparent to me that the (singular) admin just isn't there, and this instance has been dead for almost a week now due to the outgoing federation bug that needs a second upgrade to repair.

I know Jonah has a lot on his plate, and it's the holidays after all so I don't blame him... but this has happened a few times now. unless he's going to bring new people on to share the technical admin load and get us more prompt attention, I'm jumping to dbzer0 which has significantly more active technical administration and more communities that I'm interested in.

Peace out y'all!

10
 
 

So there seems to a bug in version 0.19 where outgoing federation fails and so new content is not federated out to other instances. Incoming federation works fine and the bug itself is not affecting all instances on 0.19 but it seems lemmy.one is affected. There is a fix already published with 0.19.1

@jonah@lemmy.one could you please look into it.

Link to post telling about the bug and the 0.19.1 update to fix it - https://lemmy.ml/post/9559890

11
1
submitted 11 months ago* (last edited 11 months ago) by empireOfLove@lemmy.one to c/meta@lemmy.one
 
 

It seems my comments no longer federate to lemmy.world. I am wondering if anyone else has experienced the same.

I am not banned from the instance or it's communities to the best of my knowledge- I've checked the modlogs from their instance directly and I do not appear. But every comment I've made since about 8pm UTC on Monday (the last known federated comment) has not federated. Just compare my user account's activities between the two instances:
https://lemmy.world/u/empireOfLove@lemmy.one
https://lemmy.one/u/empireOfLove

They are still on 0.18.5 so is this a potential version mismatch bug between 0.19.0 and older instances? Content from their side is clearly still federating to us, as I see recent posts and try to interact with them, however nothing from our side seems to be federating to them.

12
 
 

Lemmy.one is already a few versions behind, and this is a HUGE release with a lot of often requested features (like per-user instance blocking!!) that i think we all need. Lemmy.ml has run release candidates of it for a few weeks now so I think they've gotten stability proven.

Is @jonah@lemmy.one even here anymore? Would it be too much to bother him for an update sometime soon?

13
 
 

We are still on 0.18.3, whereas lemmy.world is 0.18.5 (released at the end of September).

Jonah's account does not seem to be active either. Is it time to jump to another instance?

14
 
 

I’m not from Lemmy.one, but I was wondering what you think of not having downvotes. Do you like having the ability to downvote, or not being able to downvote and why?

15
 
 

Cross-posting from https://lemmy.ml/post/5719058


I've been working on a simple opt-in solution, primarily for Lemmy end users like me (but also helpful for admins), to easily check the status/health of their favourite instance.

🌎 lemmy-meter.info

You can find the details of the implementation in lemmy-meter github repo.


❓ @admins: would you be interested in adding your instance to lemmy-meter?

You don't need to do anything except confirming - I'll handle the rest. It should only take a few minutes for your instance to show up in lemmy-meter.

Out of the box it will send only 4 HTTP GET requests per minute to your instance. However that is totally configurable if it sounds too much or too little.

16
 
 

Seeing some content from lemmy.world from ~1-2h ago. I checked the instance list on .world and it seems like we're in the federated list. Anyone else seeing content as usual again?

17
 
 

According to https://gui.fediseer.com/instances/detail/lemmy.world

Reached out through Lemmy and Mastodon. No reply from the admin. Last activity from the admin was 2 months ago. Instance is also running an older version of Lemmy.

I assume they are defederating as a precaution, but as the largest instance they have essentially cut us off from a lot of content.

@jonah@lemmy.one are you still around and are you able to reply to them please?

18
 
 

Ever since the server got restored it seems like all of my new posts and comments (on other instances) are "invisible".

Is anyone having the same issue?

EDIT: It seems like the old technique of unsubscribing/subscribing to the remote community you want to interact with works, although at the moment Lemmy.World reacts faster compared to Lemmy.ml .

19
 
 

As you reading are undoubtedly aware now, the Lemmy.one instance experienced a massive failure this weekend. Unfortunately the data was not in a recoverable state, so the server was restored from a July 26th backup, and data after that time is likely lost.

Since this occurred while I was out of town, I haven't had the time to collect all the details of what happened, so I will have to post more information at a later time.

20
 
 

I’m not a robot obviously. It’s just copy+paste from various means to get back in, but it is highly annoying.

21
 
 

I've noticed long loading times and issues the past 2 days

22
 
 

Say I am looking for fellows who use FreeDOS. I open the "Comunities" tab(?) at the top of the page, right next to "Lemmy.one" and search - But these are only the communities that Lemmy.one knows about, right?

Thanks, everyone - I am gonna call this one solved.

23
 
 

Is it not possible to see Kbin posts while browsing on Lemmy? I noticed this when I found the Twice community, which is a Kbin magazine. I only see my posts when on Lemmy, but when I go to kbin.social, I see mine plus all of their posts.

24
 
 

I'm writing this post to inform you all that I have decided to defederate from the exploding-heads[.]com instance.

After carefully reviewing the instance, reported posts, and comments from our community, content on exploding-heads is clearly mostly—if not completely—in violation of our instance rules, including content posted by the instance admin themselves (a large factor in the decision to defederate any instance).

On other fediverse platforms I run, such as Mastodon, I would typically respond by "Limiting" such instances, since the main goal is to avoid the publishing and promotion of such topics on our public ("All") timelines, rather than control what you can or cannot access. Unfortunately, Lemmy does not yet offer the fine-grained moderation controls to make this possible, so complete defederation is our only option to avoid the re-publishing of content which is consistently hateful and discriminatory.

Defederation from other Lemmy instances is not taken lightly, and in the future I will continue to review instances on a case by case basis.

25
 
 

cross-posted from: https://lemmy.world/post/1299831 due to the text below:

If you were not forced to sign back in this morning, contact your instance admin to verify mitigations were completed on your instance.

I wasn't forced to sign back in.

Is everything under control Jonah?

Hi all,

If you're just now signing in for the first time in 12+ hours, you may just now be finding out that Lemmy World and other instances where hijacked. The hijackers had the full abilities of hijacked user, mod, and admin accounts. At this time, I am only aware of instance defacing and URL redirections to have been done by the hijackers.

If you were not forced to sign back in this morning, contact your instance admin to verify mitigations were completed on your instance.

How?

This occurred due to an XSS attack in the recently added custom emojis. Instance admins should follow the issue tracker on the LemmyNet GitHub, as well as the Matrix Chat. Post-Incident Activity is still on-going.

Currently, it is likely that just your session cookie was stolen, with instance admins being targeted specifically by checking for navAdmin, an HTML element only instance admins had. I do not believe this to affect users across instances, but I have yet to confirm this.

What happens next?

As I am not the developers or affected instance admins, I cannot make any guarantees. However, here is what you'll likely see:

  1. Post Incident investigation continues. This will include inspecting code, posts, websites, and more used by the hijackers. An official incident writeup may occur. You should expect the following from that report:
  • Exactly what happened, when.
  • The incident response that occurred from instance admins
  • Information that might have helped resolve the issue sooner
  • Any issues that prevented successful resolution
  • What should have been done differently by admins
  • What should be improved by developers
  • What can be used to identify the next attack
  • What tools are needed to identify that information
  1. A CVE is created. This is an official alert of the issue, and notifies security experts (and enthusiasts), even those not using lemmy, about the issue.

  2. A code security audit is done. This will likely just be casual reviews by technical lemmy users. However, I will be reaching out to the Mozilla Foundation and Cure53 as they recently did an audit of Mastodon. If there is interest in an external audit of lemmy and the costs are affordable, I'll look into crowdfunding this cost.

view more: next ›