wtf is happening? - LemmyWorld

Why am I signed out every time I open this? Why can I hardly anything anywhere? It’s like a dice roll.

Getting the same thing. Found out I was unsubbed from the sub I was following.
Server-side authentication bug; maybe fallout from the recent attack? I’d expect instability for the next day or so as auth & related problems shake out.
Attack? I am outta the loop. What happened?

lemmy.world/post/1290412

Summary: Attacker found a way to inject JavaScript into the sidebar, letting them steal auth tokens (“JWTs”), including from an admin account. They then used the stolen admin access to vandalize the site. At one point, the attacker used the stolen admin account to falsely announce that the attack had been remediated. Later that day, the attack actually was remediated by the site owner (Ruud) and the vulnerability was patched in the Lemmy code.

Appreciate the info.
Server side bug with lemmy.world and intermittent authentication. - LemmyWorld

I am currently getting signed out every minute from lemmy.world. This is not a client-side cache issue. I tested making API calls from the command line (with curl) with no cache and the issue still occurs. One call I get the correct response, the next I get a 400 telling me I'm not signed in. I'm primarily testing with the https://lemmy.world/api/v3/user/unread_count API endpoint. I'm not sure if this issue occurs with all endpoints.

Reproduction steps:
1. Get a lemmy.world JWT token for your account using your desired method (e.g. Postman).
2. curl https://lemmy.world/api/v3/user/unread_count?auth={JWT_TOKEN_HERE}
3. Note the 400 error. If you do not get an error, repeat step 2.

Edit: This issue only seems to affect lemmy.world, so a temporary workaround is to use a different instance for the time being.

lemmy.world is bugged right now. What I did is backed up my account subscriptions/settings and imported it over to sh.itjust.works. You may need to try a few times (it’ll tell you when it’s successful).
GitHub - CMahaff/lasim: Move your Lemmy settings from one account to another

Lemmy.world when I tried to post kept saying not logged in. Created an account on sh.itjust.works
I have also experienced some bugs. So now I have more accounts
Thank you for the tip on backing up.
Clean app data and cache, login again, fixed for me at least
That seemed like it worked for me but then it happened again eventually.
I’m just going to use accounts other than my one on lemmy.world for a bit while they sort out whatever’s going on.
I access lemmy through liftoff. No such issue.
I also use liftoff and I’ve definitely been having that issue on my lemmy.world account.
I just got logged out of my session :D
I logged out and back in again and that seems to have helped. Not sure if it mattered at all or if the timing was coincidental.
Logging out and back in only really fixes the “you're logged out” (not entirely though) issue. Posts still have to be posted multiple times for it to actually happen most of the time from my experience.
I heard it is a load balancing issue. Lemmy World has two instances, with two different JWT secrets, and you have a 50/50 chance of hitting the wrong server when you make any API requests.
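
An added illustration (not part of the thread, and not Lemmy's own code) of the failure mode the comment above describes: two backends behind one load balancer, each verifying JWTs with a different secret. The `Backend` class, round-robin balancing, HS256 signing, and all secrets and claims are assumptions constructed for the example.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign_jwt(claims: dict, secret: bytes) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def verify_jwt(token: str, secret: bytes) -> bool:
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return False  # not three dot-separated parts
    mac = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(b64url(mac), sig)

class Backend:
    """Hypothetical API node holding its own copy of the JWT secret."""
    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret

    def unread_count(self, token: str) -> int:
        # Same symptom as in the thread: 200 if the signature verifies, else 400.
        return 200 if verify_jwt(token, self.secret) else 400

def replay(token: str, backends: list, n: int) -> list:
    """Send n identical requests round-robin across the pool; return status codes."""
    return [backends[i % len(backends)].unread_count(token) for i in range(n)]

def secrets_consistent(backends: list) -> bool:
    """Deployment check: compare fingerprints of the secrets, not the secrets."""
    return len({hashlib.sha256(b.secret).hexdigest()[:12] for b in backends}) == 1

# Constructed secrets and claims, for illustration only.
mismatched = [Backend("a", b"secret-A"), Backend("b", b"secret-B")]
shared = [Backend("a", b"secret-A"), Backend("b", b"secret-A")]
token = sign_jwt({"sub": 1234, "iss": "lemmy.example"}, b"secret-A")

if __name__ == "__main__":
    print("mismatched pool:", replay(token, mismatched, 6))
    print("shared secret:  ", replay(token, shared, 6))
    print("consistent?", secrets_consistent(mismatched), secrets_consistent(shared))
```

With mismatched secrets the same valid token alternates between accepted and rejected, which a client sees as random sign-outs; once every node shares the secret, tokens issued under a different secret stay invalid until the user logs in again.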
According to the support community this was fixed about an hour and a half ago, but I continued to have issues. I had to manually log out again and log back in to fix it.
Getting federation working as advertised is a pain in the ass. I ran a solo instance back when Mastodon was new, and there was no end to the nonsense it generated. That's why I'm now subscribed to the instance @ernest is running. :)
Ernest is running lemmy instance or you’re talking about kbin?

Just setup my own Masto server for myself. My initial thought was, “Crap, I can’t follow anything by hashtag anymore,” since I’m the only user and nothing would get pulled in by federation.

Then I learned about using relay.fedi.buzz to create a whole bunch of relays based on hashtags. And now it’s pretty much perfect for how I use it.

My federation feed is just stuff I like, and my server doesn’t get filled with random crap from federating with hundreds of full-ass servers like typical relays give you.

#FediBuzz Relay

The buzzing ActivityPub relay service

Different instances have different levels of stability

Blahaj has been pretty stable for me except during the recent attack

Beehaw has been kinda meh on stability

Lemmy.ml has been pretty stable when I’ve used it

Jerboa (the app I use to browse) has been hit or miss at times, but has been really stable since instances moved to 0.18.

Kbin has had no issues for me and hasn't been attacked yet (or if it has been, dev Ernest apparently fought them off, probably barehanded too).
@Silverseren With nothing but spare keycaps and toothpaste, no doubt
Kbin gives me an error whenever I updoot a post, but that's about it.
Lemmy.ml was overloaded half of the evenings before lemmy.world found the causes of performance issues (now solved in 0.18.1)
Getting logged out randomly and having to submit comments multiple times for them to post sure is fun. /s
Login issue reportedly fixed with 0.18.2 update: Lemmy.world updated to 0.18.2

The lemmy.world instance was just updated to version 0.18.2. The login issues that were being reported (for example, here: https://lemmy.world/post/1364490) are now resolved. For release notes: https://lemmy.world/post/1339018

Edit for those who still have issues logging in:
- When using a browser: clear cookies and cache
- When using an app: remove your lemmy.world account and add it again.

Good to know! Looks like the login/out issue stopped.
Every time they upgrade their servers you gotta re-login.
There are thousands of instances. I don’t understand why everyone is piling on to lemmy.world
Reminds me of when I had to change my site’s login cookies from “session” cookies to “persistent” cookies because mobile browsers aggressively clear the session. I don’t know if that’s what was going on in this case.