BoarAvoir

joined 2 years ago
1
Re-Federation (lemmygrad.ml)
submitted 3 months ago* (last edited 3 months ago) by BoarAvoir@hexbear.net to c/HexbearEmbassy@lemmygrad.ml
 

Hi folks!

As most of you have already noticed, the technical issues blocking federation have finally been worked out, and we have refederated with Lemmygrad! Federation with other instances will come after we have confirmed no lingering ill effects from the retvrn-to-chapochat period, likely within the day. The change happened ~12 hours ago, but some further cajoling was necessary to get the servers actually talking again. (Edit: re-federation with other instances has begun. Edit 2: federation now enabled for all previously fed'ed instances)

Lemmygrad comrades, we are so happy to be back stalin-heart

(Thanks for making this graphic @TheImmortalScienceML@lemmygrad.ml )

[–] BoarAvoir@hexbear.net 9 points 5 months ago

It's fixed

(thank you for letting us know)

[–] BoarAvoir@hexbear.net 4 points 6 months ago (1 children)

Hi, thank you for reporting this issue! Sorry it's taken a bit to work its way to the relevant people. It should be working now, assuming you are not currently rate limited and you don't require multiple retries to get the 2FA code right.

a little inside baseball

So the issue is, lemmy doesn't have super granular controls on various API rate limits, there are only like 7 categories but there are many more API endpoints than that. For reasons I cannot fathom, the /login endpoint uses the same rate limit as the /register endpoint (for applying for a new account), which we keep pretty low to prevent registration spam, etc.

In addition, 2FA logins require 2 calls to /login, since the first one has to come back with a response telling the page to display the 2fa prompt, and then a second request is sent with the 2FA code.

Long story short, there was recently an attempted "raid" of the site by some trolls, and in preparation the /register rate limit was lowered further than normal, to only 1 per hour. This had the unintended effect of making 2FA logins impossible, and has now been increased. In future our devs may change the login rate limit to not track /register, but for now 2FA should be working again, though if you mis-type the code you may get rate-limited for an hour until a more permanent fix is in place.
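The interaction described in the comment above, as an added example that is not part of the original comment and is not Lemmy's code: a per-client limiter where /login is billed to the same category as /register, compared with a split category. The category name "login", the client id, and the limits 2 and 5 are constructed assumptions; only the 1-per-hour figure comes from the comment.

```python
from collections import defaultdict

WINDOW = 3600  # seconds; the comment describes a per-hour limit


class RateLimiter:
    """Each (client, category) pair gets `limits[category]` calls per window."""

    def __init__(self, limits, routes):
        self.limits = limits            # category -> allowed calls per window
        self.routes = routes            # endpoint -> category it is billed to
        self.calls = defaultdict(list)  # (client, category) -> call timestamps

    def allow(self, client, endpoint, now):
        key = (client, self.routes[endpoint])
        # Keep only the calls that are still inside the window.
        recent = [t for t in self.calls[key] if now - t < WINDOW]
        allowed = len(recent) < self.limits[key[1]]
        if allowed:
            recent.append(now)
        self.calls[key] = recent
        return allowed


def login_2fa(limiter, client, now, wrong_codes=0):
    """2FA flow: one /login call returns the prompt, then one call per code attempt.
    Returns True only if the final, correct code is accepted by the limiter."""
    if not limiter.allow(client, "/login", now):
        return False
    for attempt in range(wrong_codes + 1):
        if not limiter.allow(client, "/login", now + 10 * (attempt + 1)):
            return False
    return True


# Shared: /login bills the register category (the behaviour the comment describes).
SHARED = {"/login": "register", "/register": "register"}
# Split: hypothetical separate login category, the possible future change mentioned.
SPLIT = {"/login": "login", "/register": "register"}


def scenarios():
    client = "198.51.100.7"  # constructed client id
    split = RateLimiter({"register": 1, "login": 5}, SPLIT)
    return {
        "shared_1_per_hour": login_2fa(RateLimiter({"register": 1}, SHARED), client, 0),
        "shared_2_per_hour": login_2fa(RateLimiter({"register": 2}, SHARED), client, 0),
        "shared_2_one_typo": login_2fa(RateLimiter({"register": 2}, SHARED), client, 0, 1),
        "split_one_typo": login_2fa(split, client, 0, wrong_codes=1),
        "split_register_1st": split.allow(client, "/register", 100),
        "split_register_2nd": split.allow(client, "/register", 200),
    }
```

With a split category the registration limit can stay at 1 per hour while a mistyped 2FA code no longer locks the user out.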

[–] BoarAvoir@hexbear.net 20 points 2 years ago (1 children)

As others have mentioned, that was implemented in a hurry due to tightening up security and safety around embedded images. I've brought it up to the devs to hopefully rectify, as if an instance is trustworthy enough to federate with (aka, not actively malicious) then it is probably safe to show their embeds (behind a blur).

At the latest, this restriction will go away when lemmy upgrades to pictrs 0.5 which will support proxying image requests, but unless there are objections from the rest of the team we will likely add all federated instances to the image allowlist before then.

[–] BoarAvoir@hexbear.net 3 points 2 years ago

Also, don't all modern operating systems have extracting files just built in regardless of the format?

data-laughing No.

[–] BoarAvoir@hexbear.net 14 points 2 years ago* (last edited 2 years ago)

Yes! Movie night going on now at live.hexbear.net

1
submitted 2 years ago* (last edited 2 years ago) by BoarAvoir@hexbear.net to c/hexbear@hexbear.net
 

We will be down for ~30 mins. If you can't get in after an hour, check our Mastodon or Twitter for updates, or try force refresh, clearing cache, etc.

EDIT: doing another quick hotpatch. You may see some interruptions