The Dev's stubbornness about captchas is a little baffling. Yes, they're not 100% foolproof but they help.
It's like arguing that we shouldn't have locks on or our doors because a skilled lock picker can get past them.
This Community is intended for posts about the Lemmy.world server by the admins.
For support with issues at Lemmy.world, go to the Lemmy.world Support community.
Any support requests are best sent to info@lemmy.world e-mail.
If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.
If you can, please use / switch to Ko-Fi, it has the lowest fees for us
The Dev's stubbornness about captchas is a little baffling. Yes, they're not 100% foolproof but they help.
It's like arguing that we shouldn't have locks on or our doors because a skilled lock picker can get past them.
The devs aren't pushing back against captchas, but they're desperately trying to get 0.18 out to resolve a ton of issues. Captchas need to be redone in the code level and no one has done it yet.
someone has done it, there's a PR here: https://github.com/LemmyNet/lemmy/pull/3289
That looks promising, hopefully weโll have an 0.18.1 release later next week
Ok so guys, I appreciate the devs of Jerboa for doing what they do, but I am absolutely switching to another app immediately when something else decent shows up.
Sync for Lemmy can't come quick enough
I'm trying them all. As of today, Connect for Lemmy seems to be working the best
Biggest concern for me is the broken auto scrolling/updating. I can't use this site properly as long as the list of topics doesn't stay in place long enough for me to finish reading the headline.
Hopefully after this is fixed I'll start contributing.
This will go away with dropping websockets
I just updated and it gave me an error on jerboa but it still seems to be working fine
Appreciate you waiting for the 18.1 upgrade
Alternatively to Jerboa, it's possible to use the web site as a contained web-app, using Firefox on Android.
Thanks for showing me this. It worked on chrome too.
@ruud@lemmy.world Dodged bullet anyway, v18 2FA doesn't make people confirm that their app is configured correctly by asking for a code, as is tradition. It just gives them their QR/Key and locks them into 2FA immediately. If they botch adding it to their app they are locked out. And I hear the code currently being generated is silently incompatible with Authy, so those people end up SOL even if they do everything right.
https://github.com/LemmyNet/lemmy/issues/3309 / https://github.com/LemmyNet/lemmy/issues/3325
Here is a link to the current state of captcha re-implementation: https://github.com/LemmyNet/lemmy/pull/3289
This request was reopened after it was merged prematurely. You can read the preceding discussion here: https://github.com/LemmyNet/lemmy/pull/3249
Lemmy Devs have agreed to add it back, so I dont thing it will be long.
I know these are early-adopter pain points, but I think if Lemmy is really gonna take off, the devs need to get serious about backward compatibility and ensuring backend upgrades don't completely break major instances/clients. IMO switching from websocket to HTTP should have been treated as a breaking change with a new major version release and a more controlled rollout period for this exact reason.
Major version zero (0.y.z) is for initial development. Anything MAY change at any time. The public API SHOULD NOT be considered stable.
"Semver proper" only starts at version 1.0.0:
Version 1.0.0 defines the public API. The way in which the version number is incremented after this release is dependent on this public API and how it changes.
This is important. Many people (and news outlets for that matter) consider Lemmy a product, when it really is very much an on-going early stage development effort.
It's amazing how well everything works already, but nothing should be considered stable at this point.
ELI5?
there's a couple of points here
note : the site version 0.18 is already out for the main Lemmy instance, which is lemmy.ml, but lemmy.world (where we are now) is gonna wait for version 0.18.1
I'm using Jerboa and everything seems to be working fine. Edit: Jerboa started playing up mainly crashing on opening it. Binned it off and now using Connect
I first thought my Jerboa was fine (despite the popup warning about version), since I could browse a bit without it obviously exploding. But no, it crashes regularly now (closes, no warning or messages).
I don't understand why a Lemmy update would be considered for release that removes security features like captcha support. (Especially during this time of high rates of signups, and well known bot wave in some instances.)
Combined with Jerboa update that needs the Lemmy update, and popularity of instances that need captcha, it's unfortunately causing a mess for many users.
I'm currently using the app called lemmy connect without issues.
Yeah it's not bad, I prefer jerboa (really I'm waiting for sync) but connect works fine
Lemmy.world is running Lemmy version 0.17.4 right now (check the bottom of any Lemmy instance and it'll tell you what version is running). The new version fixes a lot of things, but lemmy.world can't upgrade to that new version yet because it'll be overrun by bot accounts. We have to wait for the next version and skip this update because that has the protections for bot accounts.
Damn, that sucks. Is manual approving + email not enough for the time being?
EDIT: I see that in the GitHub issue you linked, you answer this question. TLDR: No, it is not enough it seems.
manual approving
this won't scale, captchas are a low-hanging fruit that should have never been removed
Thanks for keeping the bots out! I'm still successfully using Jerboa, btw.
Thanks. I installed Jerboa yesterday and it was not working. Glad to know this may be the cause. I can wait for 0.18.1 for mobile access
Should've read this first. I was getting that instance outdated popup on jerboa app, thought a logout and re-login would resolve it. Now I can't login, my mistake..
Ouch. I understand exactly how things like that happen, but it is unfortunate. Hope it's resolved quickly.
There is a tremendous amount of pressure on everyone in the development/admin chain right now because of the insane influx of new users. (I'm one of them.) It amazes me how well everyone has been handling it. And I am grateful to all of you!
If you already Jerboa installed and set up and working then upgraded it in place, it seems to continue working fine with the 'outdated' version of lemmy.
That fact indicates that Jerboa is needlessly and overly sensitive with its startup checks when installing fresh and attempting to connect to a lemmy instance. I consider this a flaw with Jerboa.
Unfortunately, on my phone, the previous version of Jerboa always just crashed instantly on startup. That bug was fixed in the newest version of Jerboa, but I was never able to get Jerboa running enough previously to set it with a user account and preferred Lemmy instance.
Yeah, mine complained about the server version but from what I can see everything still works ok.
Why was captcha even removed in the 1sr place?
Captchas depended on websockets which were removed.
https://github.com/LemmyNet/lemmy/issues/3200#issuecomment-1600505757
"Note that captcha uuids and answers were stored in-memory in the websocket server which is removed now, so its necessary to add a new database table for captchas."
Thanks for being so on top of this.
Has the websocket api been removed from Lemmy with this update?
Yes
After installing Jerboa from the Play Store I encountered the crashing issue everyone is mentioning. I was able to seemingly fix the issue by going into the App Info -> Storage and hit Clear Storage. After it cleared it's been working fine for me. Hopefully this works for you folks unless I'm missing something about the issue.
Thank you for posting this explanation.