The new major version of Lemmy is now ready, and we need your help with testing. Most importantly it uses HTTP for API requests now, which is much more efficient than websocket. Additionally Two-factor-auth is supported. There are also countless other improvements and bug fixes.
You can register on any of the following servers to start testing, no approval required. You can post to your hearts content to find out if anything is broken. The test instances only federate with each other to avoid affecting production instances with spam.
If you encounter any bugs that aren’t present in 0.17, open an issue and mention in the title that it happened with a release candicate version. Over the next days we will publish new RC versions to fix bugs that will invariably pop up.
Instance admins can try the new version by using Docker images dessalines/lemmy-ui:0.18.0-rc.2 and dessalines/lemmy:0.18.0-rc.1. Make sure that working backups are in place. For production instances its better to wait at least some days for the major issues to be fixed.
Peeps, I am seeing some really worrying trends on https://lemmy.fediverse.observer/list. Many instances are quickly filling up with thousands of spam accounts which will soon be unleashed on the threadiverse. While bots can bypass captchas, they at least limit the simplest scripts. We are going to face this really really soon https://lemmy.dbzer0.com/post/87753
Can we at least add support for disabling VPNs, or using some other captcha solution like recaptcha? IP rate limiting is useless with VPNs, and email verification is more trivially bypassed than the current captchas.
I like the ideas of good captchas or text applications to join. However, using one’s IP kinda goes against the idea of privacy. I’d prefer if we find alternatives.
One alternative that already exists and has been working well for instances that use it is an application process.
Using an IP in this way has no impact on privacy. Instances already have your IP info as a result of interacting with them.
I see your point. What if I use VPNs with a killswitch? —meaning that I can only ever connect to the internet through my VPN. What if someone is avoiding surveillance from their government? Should they disable their killswitch and risk them finding out they’re part of something ‘political’ like Lemmy?
The server can see your IP when you connect to it and IPs are not sensitive either way. That’s not a privacy issue.
I’ll paste my comment to @muddybulldog@mylemmy.win, which also applies in this situation: I see your point. What if I use VPNs with a killswitch? —meaning that I can only ever connect to the internet through my VPN. What if someone is avoiding surveillance from their government? Should they disable their killswitch and risk them finding out they’re part of something ‘political’ like Lemmy?
How can you tell they’re spam accounts btw?
deleted by creator
On top of that there’s also activity, I saw a server with only 7 posts for 6K users, there’s no way those are real people.