dormi.zone Meta

Hello everyone! When this post is about 24 hours old, dormi.zone will be offline for multiple hours to upgrade Lemmy to version 0.19.3.

This version introduces instance blocking for users and improves post ranking and two-factor-authentication.

Be advised that this update will disable 2FA for all users who currently have it enabled.

Read more:

• https://join-lemmy.org/news/2023-12-15_-_Lemmy_Release_v0.19.0_-_Instance_blocking,_Scaled_sort,_and_Federation_Queue
• https://join-lemmy.org/news/2023-12-20_-_Lemmy_Release_v0.19.1_-_Outgoing_Federation_fix
• https://join-lemmy.org/news/2024-01-10_-_Lemmy_Release_v0.19.2_-_More_Federation_Fixes
• https://join-lemmy.org/news/2024-01-22_-_Lemmy_Release_v0.19.3_-_A_Few_Bugfixes

geteilt von: https://lemmy.ml/post/12302987

Here is our regular update that explains what we have been working on for the past two weeks. This should allow average users to keep up with development, without reading Github comments or knowing how to program.

The last two weeks had these changes merged:

@Sleepless added a field so that users can see if they've been banned from a community. Has been refactoring Lemmy's exports to make them more easily used by 3rd party libraries, such as their lemmy-client-rs , and lemmy-ui-leptos. Added an animated avatar setting for users.

Has also been making improvements to lemmy-ui such as fixing a scroll bug, and hiding WYSIWYG buttons on preview. Has also been working a lot on lemmy-ui-leptos.

@Nutomic created an rfc for private communities, fixed an issue with the database logging connection URLs on an error. Added an optional site content warning and post-listing-mode. Also did a lot of code reviews.

@dullbananas fixed an issue with Comment Report reads, added better query plans, and is working on many DB improvements.

@dessalines added an instance-level default post sort. Added a maintenance task to clean up old denied users from the DB.. Made sure that blocking an instance also hides private messages from their users, to prevent harassment. He also added the ability to specify custom thumbnails for posts. Fixed an issue with auto-resolving reports when removing a post or comment.

Has also been making a lot of additions to Jerboa, such as admin registration applications, report queues, comment distinguishing, banning users from their profile page, privacy policies, and muted / smaller federated names.

@sunaurus created an rfc for separate report inboxes for mods and admins.

Support development

@dessalines and @nutomic are working full-time on Lemmy to integrate community contributions, fix bugs, optimize performance and much more. This work is funded exclusively through donations.

If you like using Lemmy, and want to make sure that we will always be available to work full time building it, consider donating to support its development. Recurring donations are ideal because they allow for long-term planning. But also one-time donations of any amount help us.

• Liberapay (preferred option)
• Open Collective
• Patreon
• Cryptocurrency (scroll to bottom of page)

Merry Tennobaum everyone!

A little more than a week ago, Lemmy 0.19 was released; you can read more here.

As of now, outgoing federation is broken with this version of Lemmy, even after an attempted fix in version 0.19.1. View the related GitHub issue here.

Because of this, dormi.zone will remain on its current Lemmy version (0.18.5) for now. I'll keep you posted on any further plans.

Important: Lemmy 0.19 introduces a new implementation of 2FA. Once dormi.zone upgrades to a newer Lemmy version, 2FA will be disabled on everyone's accounts. This is intended to give back access to any account you might have lost due to 2FA issues.

Tenno! When this post is 19 hours old, dormi.zone will be undergoing technical maintenance and may be unavailable for several hours.

Compare to other timezones: https://everytimezone.com/s/f368a4ba

cross-posted from: https://lemmy.ml/post/6754481

Here is our regular update that explains what we have been working on for the past two weeks. This should allow average users to keep up with development, without reading Github comments or knowing how to program.

We published a new release candidate for Lemmy 0.19.0. Note that this so-called release candidate is really a beta. In the future we will use more appropriate version names.

Most importantly it includes the new feature to export user settings, and later import them on another instance.

The Docker image was changed from Alpine to Debian which should improve stability and performance (#3972). This unfortunately broke ARM builds, so we'd need some assistance getting them working again for debian.

The remaining changes are mostly minor improvements and bug fixes, you can see them in the full changelog. Please test the new version on voyager.lemmy.ml or by installing tag 0.19.0-rc.3 on your server. If you encounter any problems, report them on Github.

For Developers: This version includes various API changes compared to rc.1:

• The endpoints for exporting and importing user settings are at GET /api/v3/user/export_settings and POST /api/v3/user/import_settings. Note that the returned json is not meant to be parsed, but directly stored to disk (#3976).
• /api/v3/login now sets the auth cookie automatically, so clients might not have to handle it anymore. There is also a new endpoint /api/v3/logout which clears the cookie and invalidates the auth token (#3818).
• There is a new endpoint /api/v3/user/validate_auth which returns errors in case of invalid auth token. This is necessary because other API actions silently ignore invalid auth and treat the user as unauthenticated. We are changing various endpoints to return simply {"success": "true"} (#3993, #4058 (not included in rc.2)).
• The endpoint /api/v3/post/mark_as_read can now take an array post_ids instead of single post_id value but remains backwards compatible (#4048).

@nutomic improved the way that titles for Mastodon posts are handled (#4033). He also worked on various minor fixes and enhancements, see here.

@dessalines is nearly done with the redesign of join-lemmy.org. You can see it here, and check the pull request to provide feedback / suggestions. Also worked on cleaning up stale lemmy issues.

@SleeplessOne1917 reworked a much cleaner 2FA interface for lemmy UI (#2179), fixed a bug with the emoji picker (#2175), and added an enable_animated_images setting to users (#4040). Also worked on lemmy-ui-leptos.

Support development

@dessalines and @nutomic are working full-time on Lemmy to integrate community contributions, fix bugs, optimize performance and much more. This work is funded exclusively through donations.

If you like using Lemmy, and want to make sure that we will always be available to work full time building it, consider donating to support its development. Recurring donations are ideal because they allow for long-term planning. But also one-time donations of any amount help us.

• Liberapay (preferred option)
• Open Collective
• Patreon
• Cryptocurrency (scroll to bottom of page)

Sorry if this isn't the right community to post to, I'm not sure where to ask this very specific question.

I want to subscribe to certain communities on @literatur.cafe. Nothing nasty, just book related communities.

When I use the search all I can find is the meta-community of that instance.

What can I do to find and subscribe to the communties hosted on that instance?

cross-posted from: https://lemmy.ml/post/6097110

Here is our regular update that explains what we have been working on for the past two weeks. This should allow average users to keep up with development, without reading Github comments or knowing how to program.

We are slowly getting closer to the 0.19 release, although there is still a lot of work left. Client developers should read this post with information about breaking changes to update their projects.

@nutomic has closed over 100 issues, most of them duplicates, invalid or already resolved ones. He also made numerous pull requests to fix minor bugs and implement small enhancements. This includes a bug fix for federation of admin actions which was released as 0.18.5. He is also changing the way HTML escaping is handled to avoid broken texts.

@dessalines is working on redesigning the join-lemmy.org website, adding the apps and instances pages. Also worked on rewriting the Docker images to use Debian as base instead of Alpine. Additionally he is adding support for new backend features to lemmy-ui (scaled search and cursor-based pagination).

@SleeplessOne1917 has implemented support for new block instance feature, finished implementing the remote follow feature, and updated 2-Factor-Auth to account for a backend rework. He also implemented some bug fixes. He has also been working on adding authentication to lemmy-ui-leptos.

Support development

@dessalines and @nutomic are working full-time on Lemmy to integrate community contributions, fix bugs, optimize performance and much more. This work is funded exclusively through donations.

If you like using Lemmy, and want to make sure that we will always be available to work full time building it, consider donating to support its development. Recurring donations are ideal because they allow for long-term planning. But also one-time donations of any amount help us.

• Liberapay (preferred option)
• Open Collective
• Patreon
• Cryptocurrency (scroll to bottom of page)

cross-posted from: https://lemmy.ml/post/5712030

What is Lemmy?

Lemmy is a self-hosted social link aggregation and discussion platform. It is completely free and open, and not controlled by any company. This means that there is no advertising, tracking, or secret algorithms. Content is organized into communities, so it is easy to subscribe to topics that you are interested in, and ignore others. Voting is used to bring the most interesting items to the top.

Major Changes

This release fixes a problem with federation of moderation actions performed by admin accounts. Specifically there is an check when receiving remote federation actions, which is incorrectly rejecting them in some cases. The problem is fixed by this release.

There are no other changes, and no updated lemmy-ui version.

Support development

@dessalines and @nutomic are working full-time on Lemmy to integrate community contributions, fix bugs, optimize performance and much more. This work is funded exclusively through donations.

If you like using Lemmy, and want to make sure that we will always be available to work full time building it, consider donating to support its development. No one likes recurring donations, but they’ve proven to be the only way that open-source software like Lemmy can stay independent and alive.

• Liberapay (preferred option)
• Open Collective
• Patreon
• Cryptocurrency (scroll to bottom of page)

Upgrade instructions

Follow the upgrade instructions for ansible or docker. There are no config or API changes with this release.

If you need help with the upgrade, you can ask in our support forum or on the Matrix Chat.

Changes

Lemmy

• Fix federation of admin actions (#3988)

cross-posted from: https://lemmy.ml/post/5328302

Some years ago we used to post weekly development updates to let the community know what we are working on. For some reason we stopped posting these updates, but now we want to continue giving you information every two weeks about the recent development progress. This should allow average users to keep up with development, without reading Github comments or knowing how to program.

We've been working towards a v0.19.0 release of Lemmy, which will include several breaking API changes. Once this is ready, we'll post the these changes in dev spaces, and give app developers several weeks to support the new changes.

This week @nutomic finished implementing the block instance feature for users. It allows users to block entire instances, so that all communities from those instances will be hidden on the frontpage. Posts or comments from users of blocked instances in other communities are unaffected. He also reworked the 2-Factor-Authentication implementation, with a two-step process to enable 2FA which prevents locking yourself out. Additionally he is reworking the API authentication to be more ergonomic by using headers and cookies. Finally he is adding a feature for users to import/export community follows, bocklists and profile settings.

@dessalines is currently implementing a redesign of the join-lemmy.org website. He is also keeping the lemmy-js-client updated with the latest backend changes 1 2 3.

@phiresky optimized the way pagination is implemented. He is also fixing problems with federation workers which are causing test failures and performance problems in the development branch. These problems were introduced during a complex rewrite of the federation queue which was recently finished, and is thought to allow Lemmy federation to scale to the size of Reddit.

@SleeplessOne1917 is implementing remote follow functionality, which makes it easy to follow communities from your home instance while browsing other instances. He is also fixing problems with the way deleted and removed comments are handled .

@codyro and @ticoombs have been making improvements to lemmy-ansible, including externalizing the pict-rs configuration, adding support for AlmaLinux/RHEL, cleaning up the configuration, as well as versioning the deploys. These will make deploying and installing Lemmy much easier.

Support development

@dessalines and @nutomic are working full-time on Lemmy to integrate community contributions, fix bugs, optimize performance and much more. This work is funded exclusively through donations.

If you like using Lemmy, and want to make sure that we will always be available to work full time building it, consider donating to support its development. Recurring donations are ideal because they allow for long-term planning. But also one-time donations of any amount help us.

• Liberapay (preferred option)
• Open Collective
• Patreon
• Cryptocurrency (scroll to bottom of page)

cross-posted from: https://lemmy.ml/post/3021118

What is Lemmy?

Lemmy is a self-hosted social link aggregation and discussion platform. It is completely free and open, and not controlled by any company. This means that there is no advertising, tracking, or secret algorithms. Content is organized into communities, so it is easy to subscribe to topics that you are interested in, and ignore others. Voting is used to bring the most interesting items to the top.

Major Changes

This version fixes the problem of comment context not loading properly. It also fixes a couple other bugs.

Support development

@dessalines and @nutomic are working full-time on Lemmy to integrate community contributions, fix bugs, optimize performance and much more. This work is funded exclusively through donations.

If you like using Lemmy, and want to make sure that we will always be available to work full time building it, consider donating to support its development. No one likes recurring donations, but they’ve proven to be the only way that open-source software like Lemmy can stay independent and alive.

• Liberapay (preferred option)
• Open Collective
• Patreon
• Cryptocurrency (scroll to bottom of page)

Upgrade instructions

Follow the upgrade instructions for ansible or docker. There are no config or API changes with this release.

If you need help with the upgrade, you can ask in our support forum or on the Matrix Chat.

What is Lemmy?

Lemmy is a self-hosted social link aggregation and discussion platform. It is completely free and open, and not controlled by any company. This means that there is no advertising, tracking, or secret algorithms. Content is organized into communities, so it is easy to subscribe to topics that you are interested in, and ignore others. Voting is used to bring the most interesting items to the top.

Major Changes

This version brings major optimizations to the database queries, which significantly reduces CPU usage. There is also a change to the way federation activities are stored, which reduces database size by around 80%. Special thanks to @phiresky for their work on DB optimizations.

The federation code now includes a check for dead instances which is used when sending activities. This helps to reduce the amount of outgoing POST requests, and also reduce server load.

In terms of security, Lemmy now performs HTML sanitization on all messages which are submitted through the API or received via federation. Together with the tightened content-security-policy from 0.18.2, cross-site scripting attacks are now much more difficult.

Other than that, there are numerous bug fixes and minor enhancements.

Support development

@dessalines and @nutomic are working full-time on Lemmy to integrate community contributions, fix bugs, optimize performance and much more. This work is funded exclusively through donations.

If you like using Lemmy, and want to make sure that we will always be available to work full time building it, consider donating to support its development. No one likes recurring donations, but they’ve proven to be the only way that open-source software like Lemmy can stay independent and alive.

• Liberapay (preferred option)
• Open Collective
• Patreon
• Cryptocurrency (scroll to bottom of page)

Upgrade instructions

Follow the upgrade instructions for ansible or docker. There are no config or API changes with this release.

This upgrade takes ~5 minutes for the database migrations to complete.

You may need to run sudo chown 1000:1000 lemmy.hjson if you have any permissions errors.

If you need help with the upgrade, you can ask in our support forum or on the Matrix Chat.

Hi Tenno ^and^ ^Envoys^!

Earlier today (or yesterday, I guess), I took parts of dormi.zone down for about 2 hours to assess and migitate possible damages caused by a security vulnerability in lemmy-ui (the part of Lemmy you see in your browser), see here: https://dormi.zone/post/98161
(You probably had to log in again, that's normal)

The good news is: We were never vulnerable!

The bad news: Some of you might have been a bit lost during those 2 hours.

If you were using a third-party app such as Jerboa or Liftoff, you could continue accessing dormi.zone as usual. Same if you were a user from another instance. But if you were registered on dormi.zone, you'd run into a 502 error and have no idea what's going on.

Now that I'm back from work, I've taken some steps to ensure you'll be properly informed next time:

• dormi.zone is now on Mastodon! I'll be using this account to keep you informed about outages and planned maintenance.
• When the dormi.zone frontend is down, instead of getting a 502 Bad Gateway error that doesn't tell you anything, the site will direct you to this Mastodon account for status updates.

UPDATE: Thanks to the analysis of other instance admins, it has been determined that instances without custom emojis (which includes dormi.zone) should be safe. As such, dormi.zone is now available on the web again. Expect another pinned post later today.

Below you'll find the original post.

Hello everyone,

There is currently a security vulnerability being exploited across Lemmy. Comments and other content on an instance containing custom emojis may steal your login session, see here: https://lemmy.ml/post/1895271

Due to this I have decided to partially take down dormi.zone.

Since the exploit takes place on the web UI of Lemmy, dormi.zone will be unavailable for the time being when visiting through https://dormi.zone/.

Remote users will continue to be able to interact with dormi.zone communities as normal. Users registered on dormi.zone may continue to access it using a third-party app such as Jerboa or Liftoff.

This instruction will be unavailable to anyone who isn't already using one. I'm aware that it's counterintuitive and I'm sorry. If I wasn't currently at work, I would have set up a proper status page when visiting dormi.zone. I'll make sure it's there the next time it's needed.

Expect to see a follow-up post where I share the assessed damages and next steps.

geteilt von: https://lemmy.ml/post/1895271

FYI!!! In case you start getting re-directed to porn sites.

Maybe the admin got hacked?

---

edit: lemmy.blahaj.zone has also been hacked. beehaw.org is also down, possibly intentionally by their admins until the issue is fixed.

Post discussing the point of vulnerability: https://lemmy.ml/post/1896249

Github Issue created here: https://github.com/LemmyNet/lemmy-ui/issues/1895

Hi everyone, the Lemmy version of dormi.zone has been updated to 0.18.1. This brings several changes, including:

• Two-Factor-Authentication
• Custom Emojis (stay tuned!)
• Ability to install dormi.zone as a Progressive Web App
• Better error pages
• different URL structures (check your dormi.zone browser bookmarks if you have any)
• Share button on posts
• performance improvements

If you notice double banners or any other theme weirdness, make sure to hard refresh dormi.zone in your browser (press CTRL+F5)!

Jerboa complains that we are not running 0.18 yet.

While it's not developed by DE, it is published and supported by them, so I expect a lot of Tenno will have their eyes on it. I know from the beta I met a lot of other Warframe players.

Would it be a good idea to import all posts from /r/warframe into dormi.zone? (maybe using the linked scripts)

There is lots of useful information in old reddit posts and they are pretty consistently among the top google results for various Warframe-related searches