BoarAvoir [they/them]

  • 2 Posts
  • 141 Comments
Joined 2 years ago
cake
Cake day: December 29th, 2022

help-circle
  • BoarAvoir [they/them]AtohexbearWhat happened to my 2FA?
    ·
    3 hours ago

    Hi, thank you for reporting this issue! sorry it's taken a bit to work its way to the relevant people. It should be working now, assuming you are not currently rate limited and you don't require multiple retries to get the 2fa code right.

    a little inside baseball

    So the issue is, lemmy doesn't have super granular controls on various API rate limits, there are only like 7 categories but there are many more API endpoints than that. For reasons I cannot fathom, the /login endpoint uses the same rate limit as the /register endpoint (for applying for a new account), which we keep pretty low to prevent registration spam, etc.

    In addition, 2FA logins require 2 calls to /login, since the first one has to come back with a response telling the page to display the 2fa prompt, and then a second request is sent with the 2FA code.

    Long story short, there was recently an attempted "raid" of the site by some trolls, and in preparation the /register rate limit was lowered further than normal, to only 1 per hour. This had the unintended effect of making 2FA logins impossible, and has now been increased. In future our devs may change the login rate limit to not track /register, but for now 2FA should be working again, though if you mis-type the code you may get rate-limited for an hour until a more permanent fix is in place.





  • BoarAvoir [they/them]Atochatthe tls certs expired
    ·
    7 months ago

    Yep. It is actually automated, it renewed on its own ages ago, but reloading the web server to pick up the new cert just silently failed. Should be resolved now.



  • dean-neutral

    (Note: this is not in any way an official statement by the admin team, I'm just a tech dweeb)

    Proposal: Do Nothing, but improve searchability by making the shortcode autocomplete also search by tags, not just the canonical name.

    We have the ability to add basically unlimited alt-names or descriptors to the tags for each emote, which has made searching in the emoji picker much more viable even for obscure emotes (provided they are well-tagged). Problem is, nobody uses the emoji picker, most people don't even know it exists.

    Make sure the library is reasonably well tagged and make that tweak to the searching and this whole conundrum goes away.

    Examples below of some existing tags from a previous effort to tag all the emotes:

    Show

    We might also want to make the alt-text more descriptive for people with screen readers but that's a separate conversation

    Edit: Oh it looks like a dev (comrade makotech222) has already chimed in on this below:

    also, its maybe possible we can enhance the inline emoji window to use keywords as well. would have to do some experimentation with it.

    This would also basically address the following other suggestions:

    https://hexbear.net/comment/4396592

    https://hexbear.net/comment/4397267

    https://hexbear.net/comment/4396837

    https://hexbear.net/comment/4396793

    https://hexbear.net/comment/4396237

    https://hexbear.net/comment/4395861

    https://hexbear.net/comment/4397894

    https://hexbear.net/comment/4395895

    https://hexbear.net/comment/4397730

    https://hexbear.net/comment/4397711

     
    

    secondary option if this isn't feasible: remove the unicode emojis from the emoji picker so it goes straight to our custom emotes when opened, and make it more prominent in the UI somehow (highlight it in a different color, make it bigger, make it sparkle, idc). And still finish the job tagging them all



  • As others have mentioned, that was implemented in a hurry due to tightening up security and safety around embedded images. I've brought it up to the devs to hopefully rectify, as if an instance is trustworthy enough to federate with (aka, not actively malicious) then it is probably safe to show their embeds (behind a blur).

    At the latest, this restriction will go away when lemmy upgrades to pictrs 0.5 which will support proxying image requests, but unless there are objections from the rest of the team we will likely add all federated instances to the image allowlist before then.



  • BoarAvoir [they/them]Atochapotraphouse*Permanently Deleted*
    ·
    edit-2
    1 year ago

    I really hope we can restore the old Active algorithm, it's still on the table afaik, but I'm told the way that lemmy's database schema works has changed enough that it isn't trivial to switch back to.






  • Yes, you are on the right track.

    What actually happened is, for the migration back to upstream lemmy, our devs developed and contributed the custom emoji feature, so that we could keep them, but since we were uploading them through the UI not baking them into the app when it was built as static assets, they had to go into pictrs (the image backend), which doesn't support SVGs yet. So as part of our migration we converted all SVG emotes back to PNG (apparently at a pretty substantial resolution).

    They render correctly on our side because the UI recognizes that they are a local custom emoji and applies different CSS than we do for other embedded images, but as currently written, there is no simple way to differentiate a federated emoji from any other embedded image, so when federated, our emoji get rendered as just any image, at whatever size the file is. We will likely contribute a fix for this upstream, though resizing all of our emotes to a consistent size would also do the trick, and may be undertaken as a stopgap in the mean time.




  • if you browse the frontpage by "All" you should see more and more posts from other instances as time goes on. Federation doesn't really work retroactively, at least not yet, so it isn't immediate.

    You can see what servers we are federated with at hexbear.net/instances and if there are any comms from those that you want to see, you can paste their URL into the search box here on Hexbear to find and sub to them (or to force an initial sync of the comm, as they dont federate unless at least one user here has subbed to it)