Some people have reported being able to add TOTP from mobile. Most people that reported on desktop have the same issue. It's a lemmy thing, not just the instance. Lemmy needs to have you validate your TOTP before committing it to your account so you don't get locked out for turning it on but not being able to actually add it.
@[email protected] you are tasked with securing your network, please list all websites that should be blocked by default.
Thanks for the insight, that's good to know. What do you do if you need to move from one organization to another (it seems to be only allowed to move from personal vault to organization, not org -> personal or org -> org)
Same here. I added it to Keepass, then opened a private browser and tried to log in and it wouldn't take it. So one of 2 things:
I went ahead and removed 2FA so I wasn't locked out of my account if I get logged out somehow until this is fixed.
Catch the error and dump the response body to see what you're getting. Might just be the server is overloaded and not responding with the expected JSON. The full body should give you more clues
I'm going to read about GitHub being down (with a link to this repo) on Monday, aren't I?
I haven't spun up an instance, so I don't have a good idea what the DB looks like, but are IP addresses captured on either account signup and/or vote casting?
It's isn't a silver bullet, but it's prohibitively more expensive to spin up instances to cast votes for bot users versus running through a script on a single machine. If you've got an IP you might be able to pinpoint bot activity and the accounts associated with it (until they get smarter, at least)
Yes, captcha is the default minimum that should be implemented.
Also reasonable is to log account creation with IP and timestamp, which allows retroactively remove offenders if patterns occur, or [more easily] determining if 500 account signed up within 5 minutes from a single IP.
While kind of a pain, but fairly efficient: require a phone number with text verification to enable an account.
Yes I know there's ways around each of these, but it makes it much harder to spin up many accounts through rudimentary means.
Comment / post ratio is useless as well for this though.
Looks like I pretty busy, totally real server by the aforementioned metric
The Reddit app is terrible, but is it any worse than navigating and learning the fedivers
Oh no, I might ~~have to~~ get to learn something new!
Better just give up and do whatever some crayon eating CEO trying to IPO and make money off my eyeballs wants instead, it doesn't matter that the company effectively no longer listens to its user community or is just a straight up hostile wasteland of an environment. It beats learning something new and potentially finding something I like better!
This message sent from my AOL email.
PS don't forget to check out my MySpace.
ICQ#: 1282748
Pager #: 555-1212
/s
I have no problems with what each person wants to do. Stay on reddit, leave, whichever suits you. I personally like finding, learning new things, adapting, and evolving- especially when the company and/or its staff show how they really want to run things. I'm okay with being an early adopter, but know perfectly well that others want/need a more polished product and a larger community to entice them over. If not for early adopters, reddit wouldn't have been built up enough (or at all) to handle the Digg migration when Digg V4 drove most of their users away. Not everyone needs to switch all at once, but the way I see it, the community got a great boost in the right direction and will be here for when people are finally fed up with other service(s) in the future.
cross-posted from: https://lemmy.world/post/212576
As we've seen in the past week, a large amount of users don't care why subreddits are blacked out or why, they just want their timeline back to normal.
It's understandable, most users just want something to "work" when they want to use it and don't give any thought to what that means. We've already seen mods be replaced, deleted histories come back to life, whatever it takes for Reddit to make it seem "normal" so they don't lose users. Heck, even some of those who have left Reddit may be tempted to go back and read / comment on things they see there, because Reddit obviously isn't going to die overnight. So how do we continue the fight in the current environment Reddit has put us in while still getting a message across the users?
My thought is the following, and I'm putting it here because I think recent migrants are/were more than semi-casual reddittors, and it's clear we've got some development talent out there. I'm a developer as well but I'm looking for:
- Thoughts on the approach I'm suggesting
- Thoughts on implementation / usage
- Overall feelings regarding this in general
The idea
Make browser plugin(s) and / or a website that [knowingly to the user] intercept comment post requests for reddit and stores the post content elsewhere. In its place, all that is submitted to reddit is a link to a website (where people can click to view users intended comment text) along with a blurb about "reddit owning your comment data".
The browser plugin can also find these comments within posts and automatically query and get the raw text and replace it within a reddit page to make viewing these posts easier for everyone.
The idea being that the more users install the extension to easily read these posts, the more users obfuscate their posts so that other users also need the extension to more easily read comments on reddit.
Not only does this protect user data from being owned by Reddit, it makes it so Google searches will not find content on reddit.
Example post before and after:
(Unencrypted, or viewed with the browser extension installed)
(The posted content stored in reddit)
There's my idea. A few thoughts / notes:
- Is this possible? I haven't checked out manifest V3 or made a browser extension in a long time, but with what RES already does I assume this would be doable.
- Is it worth it? Will enough people want to read comments stored in this manner to "join the fight"? Who knows
- Should it store the comment data elsewhere, or just store encrypted text in the reddit comment itself?
Anyway. I know we've got a lot of ex-redditors here, a lot of very talented developers, and a fight still going on that deserves a next step from the users.
Open to any and all thoughts from. This is just a musing on a potential next step - I haven't decided if I'm going to start developing anything yet.
https://github.com/LemmyNet/lemmy-ui/issues/1863
https://github.com/LemmyNet/lemmy-ui/issues/1559
https://github.com/LemmyNet/lemmy-ui/issues/1544
A couple different ones regarding 2fa