this post was submitted on 27 Nov 2023
429 points (96.3% liked)

Announcements

765 readers
1 users here now

Official announcements from the Lemmy project. Subscribe to this community or add it to your RSS reader in order to be notified about new releases and important updates.

You can also find major news on join-lemmy.org

founded 5 years ago
MODERATORS
 

In anticipation of Lemmy's upcoming 0.19 release, and to work out any final issues, we're going to deploy a test release on lemmy.ml within the next few days.

We're doing this testing on lemmy.ml only, so that we can encounter any issues before the release, and to make sure the upgrade process is smooth for other production servers.

Some of the following will happen during the process:

  • Apps will likely break (only for lemmy.ml)
  • Lemmy.ml may experience some downtime for the upgrade to complete (ideally no more than an hour).
  • If anything goes wrong, we may have to restore from a database backup, meaning content made in between backups may be lost.

If all goes well, we'll have an official announcement for the release after this testing period.

I apologize for the difficulties this might cause. At most this will be a week of hair-pulling, but its vital that we catch any issues before telling other servers to upgrade.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 11 months ago (2 children)

I seem to have been screwed over by TOTP.

Hearing that this update was supposed to make borking your account harder to do when setting it up, I enabled it. Put the secret in my authenticator app, got my six digit code, and away I went.

Now, a few days later, having changed nothing on my end, Lemmy.ml won't accept my TOTP code. My session token on desktop is expired so I can't remove it now.

Currently my only lifeline to this account is my logged in session in Voyager, which, as far as I can tell, cannot access the TOTP setting. (Or any profile setting, for that matter... am I just stupid?)

No email to recover from, either. That's on me, I guess. Ugh.

Not sure what my recourse is, if I even have any.

[–] [email protected] 2 points 11 months ago (1 children)

Have you tried logging in through other apps to see if they’ll take your TOTP?

[–] [email protected] 1 points 11 months ago (1 children)

Connect, Sync, and Boost all told me to go kick rocks.

Evidently, whatever happened, it doesn't seem to be an issue with your platform.

[–] [email protected] 1 points 11 months ago (1 children)

Ok, and you’re getting a new 6-digit code from your authenticator app every time you attempt to log in?

[–] [email protected] 2 points 11 months ago

Yes.

I noticed my authenticator app (KeePassXC) offers the ability to customize the TOTP parameters (SHA function, time step, code size). But no combination of settings seems to produce a valid code.

I assume Lemmy uses the suggested defaults in the RFC 6238 standard?

[–] [email protected] 1 points 11 months ago

I think using an authenticator app capable of generating codes using SHA256 might do the trick if you have any possibility to try that.