The 0.18 version of Lemmy was announced. This will solve many issues.
But we can’t upgrade yet because the captcha was removed, and captcha relied on Websockets, which are removed in 0.18 so despite the devs agreeing on my request to add captcha back, this will not be until 0.18.1. Without captcha we will be overrun by bots.
Hopefully this 0.18.1 will be released soon, because another issue is that the newest version of the Jerboa app won’t work with servers older than 0.18. So if you’re on Lemmy.world, please (temporarily) use another app or the web version.
The Dev’s stubbornness about captchas is a little baffling. Yes, they’re not 100% foolproof but they help.
It’s like arguing that we shouldn’t have locks on or our doors because a skilled lock picker can get past them.
The devs aren’t pushing back against captchas, but they’re desperately trying to get 0.18 out to resolve a ton of issues. Captchas need to be redone in the code level and no one has done it yet.
someone has done it, there’s a PR here: https://github.com/LemmyNet/lemmy/pull/3289
That looks promising, hopefully we’ll have an 0.18.1 release later next week
My very first post on Lemmy was a (admittedly out-of-date) rant about the devs stubbornness about the hardcoded bad words filter and their behavior in the relevant GitHub issues. And I had people jumping in the comments defending them, telling me that it was fixed years ago, they’re better now, surely that couldn’t possibly happen again.
I am Jack’s complete lack of surprise.
ETA: and yeah, I know about kbin, I’ve tried both, kinda waiting to see all the new Android native apps before completely moving over there. Seeing how all this shakes out.
They agreed to add them back. You can read their comments in OPs link
That only happened recently, though. For weeks they were replying to instance admins requests to reinstate captchas with things like “bots have beaten captchas, so they’re useless.”
What are you talking about? The issue to bring back captchas was only opened
4 days ago!Captchas were only removed 2 weeks ago, no one spoke up then: https://github.com/LemmyNet/lemmy/issues/2922
The developers have nothing against captchas. They were the ones who originally built and added the feature: https://github.com/LemmyNet/lemmy/pull/1027
My mistake, I understood admins had been asking for the return of captchas as soon as they were removed.
Still, it took a few days for the devs to agree to reinstate them, which, combined with the general tone seem in that second link, is what gave me the impression that they were reluctant to do so.
In open-source projects and communities, it’s often a bad idea to go around looking for (or inventing) conflicts among contributors. It can come across as drama-seeking or trolling.
In software engineering in general, a common reason that a desirable feature has not been written yet is that the people who know & work on the code only have so many hands, and so many hours in the day, and there are other things that also need doing.
This service is undergoing rapid development. Spam & abuse problems are things that folks who have run Internet services before are well aware of. It’s not like anyone is going to give up and let spam bots ruin the thing they’re building.
I doubt anyone wants to build a service that becomes 95+% spam & abuse, ya know?
Biggest concern for me is the broken auto scrolling/updating. I can’t use this site properly as long as the list of topics doesn’t stay in place long enough for me to finish reading the headline.
Hopefully after this is fixed I’ll start contributing.
Try changing the 1 at the end of the url to 0 as a workaround.
Live updates to the page is a great feature, but instead of fixing it, they just turned it off for 0.18.0. Gotta start making pull requests…
I know these are early-adopter pain points, but I think if Lemmy is really gonna take off, the devs need to get serious about backward compatibility and ensuring backend upgrades don’t completely break major instances/clients. IMO switching from websocket to HTTP should have been treated as a breaking change with a new major version release and a more controlled rollout period for this exact reason.
Major version zero (0.y.z) is for initial development. Anything MAY change at any time. The public API SHOULD NOT be considered stable.
“Semver proper” only starts at version 1.0.0:
Version 1.0.0 defines the public API. The way in which the version number is incremented after this release is dependent on this public API and how it changes.
This is important. Many people (and news outlets for that matter) consider Lemmy a product, when it really is very much an on-going early stage development effort.
It’s amazing how well everything works already, but nothing should be considered stable at this point.
Here is a link to the current state of captcha re-implementation: https://github.com/LemmyNet/lemmy/pull/3289
This request was reopened after it was merged prematurely. You can read the preceding discussion here: https://github.com/LemmyNet/lemmy/pull/3249
Lemmy Devs have agreed to add it back, so I dont thing it will be long.
deleted by creator
Appreciate you waiting for the 18.1 upgrade
Ouch. I understand exactly how things like that happen, but it is unfortunate. Hope it’s resolved quickly.
There is a tremendous amount of pressure on everyone in the development/admin chain right now because of the insane influx of new users. (I’m one of them.) It amazes me how well everyone has been handling it. And I am grateful to all of you!
Damn, that sucks. Is manual approving + email not enough for the time being?
EDIT: I see that in the GitHub issue you linked, you answer this question. TLDR: No, it is not enough it seems.
manual approving
this won’t scale, captchas are a low-hanging fruit that should have never been removed
They were removed because they don’t work with the new system, not because someone felt like removing it. If someone volunteers to add them back, they’ll be back
What I mean is why couldn’t they postpone the 0.18.0 release then?
Because it addresses a number of critical bugs. Why is nobody in this thread reading the update announcement? They explain themselves well there.
@[email protected] maybe link to it in this post as it’d probably clear up a lot of confusion.
The first link in my post is to the release blog.
Oh fuck you’re right lmao, sorry
@[email protected]: 0.18.1-rc1 is out with captchas: https://github.com/LemmyNet/lemmy/releases/tag/0.18.1-rc.1
Jerboa asks for 0.18 to be installed, but works with 0.17.4 mostly without issues.
it crashes constantly for me now.
Thank you for posting this explanation.
Lemmymade seems to work for now. But some features are missing there I think.
Ok so guys, I appreciate the devs of Jerboa for doing what they do, but I am absolutely switching to another app immediately when something else decent shows up.
Sync for Lemmy can’t come quick enough
Thunder on Android is the best of all the ones I’ve tried, Adaptive Icon and Material You support so feels very modern. It’s a newer app but has a nice clean layout and development is happening fast.
How does it compare to wefwef.app ? I’ve been using it a couple of days and it’s been pretty sweet so far. Found it on r/apolloapp.
I just checked this out. Until a better native app is created, I feel like this is by far the best choice for using the site on mobile. Good find 👍
I’m trying them all. As of today, Connect for Lemmy seems to be working the best
Connect for Lemmy is the best thus far.
Liftoff has no way to change font size yet. I find the text too small for easy reading. Trying all the apps at moment. Jerboa is fine, but currently cannot login until lemmy.world is updated. Connect seems to work ok. Basically they are all still a work in progress, but usable.
The latest version of Liftoff let you change font size.
Been using it for a while now. Feels great for being a WIP app but there are still some hiccups (can’t suscribe to communities that aren’t on the same instance as my account as an example). Prob will use both Jerboa and Liftoff
Btw you’re releases link goes to the 0.9.6 release which is still lemmynade
Why was captcha even removed in the 1sr place?
Captchas depended on websockets which were removed.
https://github.com/LemmyNet/lemmy/issues/3200#issuecomment-1600505757
“Note that captcha uuids and answers were stored in-memory in the websocket server which is removed now, so its necessary to add a new database table for captchas.”
No need for a database table, just encrypt the solution and encode it in the filename.
You don’t want to provide any more info to the client that you need to. Otherwise someone can write a robot that decrypts that filename and breaks the captcha.
Encrypted means encrypted with real cryptography, using a secret key known only to the server. If a random robot can break that, we are all in trouble. Almost all internet security depends on basically similar cryptography.
@[email protected] Dodged bullet anyway, v18 2FA doesn’t make people confirm that their app is configured correctly by asking for a code, as is tradition. It just gives them their QR/Key and locks them into 2FA immediately. If they botch adding it to their app they are locked out. And I hear the code currently being generated is silently incompatible with Authy, so those people end up SOL even if they do everything right.
https://github.com/LemmyNet/lemmy/issues/3309 / https://github.com/LemmyNet/lemmy/issues/3325
