Some people have reported being able to add TOTP from mobile. Most people that reported on desktop have the same issue. It's a lemmy thing, not just the instance. Lemmy needs to have you validate your TOTP before committing it to your account so you don't get locked out for turning it on but not being able to actually add it.
@[email protected] you are tasked with securing your network, please list all websites that should be blocked by default.
Thanks for the insight, that's good to know. What do you do if you need to move from one organization to another (it seems to be only allowed to move from personal vault to organization, not org -> personal or org -> org)
Same here. I added it to Keepass, then opened a private browser and tried to log in and it wouldn't take it. So one of 2 things:
- Most sites have you enter a code to validate that you have it right before applying the changes to your account - I did not get this in Lemmy
- They simply don't validate that you have 2FA set up correctly by asking you for a code prior to actually enabling it on your account and the log in with 2FA is broken.
I went ahead and removed 2FA so I wasn't locked out of my account if I get logged out somehow until this is fixed.
Catch the error and dump the response body to see what you're getting. Might just be the server is overloaded and not responding with the expected JSON. The full body should give you more clues
I'm going to read about GitHub being down (with a link to this repo) on Monday, aren't I?
I haven't spun up an instance, so I don't have a good idea what the DB looks like, but are IP addresses captured on either account signup and/or vote casting?
It's isn't a silver bullet, but it's prohibitively more expensive to spin up instances to cast votes for bot users versus running through a script on a single machine. If you've got an IP you might be able to pinpoint bot activity and the accounts associated with it (until they get smarter, at least)
Yes, captcha is the default minimum that should be implemented.
Also reasonable is to log account creation with IP and timestamp, which allows retroactively remove offenders if patterns occur, or [more easily] determining if 500 account signed up within 5 minutes from a single IP.
While kind of a pain, but fairly efficient: require a phone number with text verification to enable an account.
Yes I know there's ways around each of these, but it makes it much harder to spin up many accounts through rudimentary means.
Comment / post ratio is useless as well for this though.
- Create a server
- Create 10,000 bot accounts
- Have 85% of bot accounts create a random post
- Have 40% of post a comment on the main level posts
Looks like I pretty busy, totally real server by the aforementioned metric
The Reddit app is terrible, but is it any worse than navigating and learning the fedivers
Oh no, I might ~~have to~~ get to learn something new!
Better just give up and do whatever some crayon eating CEO trying to IPO and make money off my eyeballs wants instead, it doesn't matter that the company effectively no longer listens to its user community or is just a straight up hostile wasteland of an environment. It beats learning something new and potentially finding something I like better!
This message sent from my AOL email.
PS don't forget to check out my MySpace.
ICQ#: 1282748
Pager #: 555-1212
/s
I have no problems with what each person wants to do. Stay on reddit, leave, whichever suits you. I personally like finding, learning new things, adapting, and evolving- especially when the company and/or its staff show how they really want to run things. I'm okay with being an early adopter, but know perfectly well that others want/need a more polished product and a larger community to entice them over. If not for early adopters, reddit wouldn't have been built up enough (or at all) to handle the Digg migration when Digg V4 drove most of their users away. Not everyone needs to switch all at once, but the way I see it, the community got a great boost in the right direction and will be here for when people are finally fed up with other service(s) in the future.
https://github.com/LemmyNet/lemmy-ui/issues/1863
https://github.com/LemmyNet/lemmy-ui/issues/1559
https://github.com/LemmyNet/lemmy-ui/issues/1544
A couple different ones regarding 2fa