kbin.earth meta

Here's the list of user-facing changes from the release notes:

• We enhanced security so that after a user changes their password or 2FA, all the current sessions of that user will be invalid and the user will need to log in again.

• A new combined front page. You could make the combined front page the default in your profile settings. Which means you see both threads and microblogs combined on the homepage.

• We also introduced a new feature under general settings, where you can select "Who can send you a direct message" (defaults to everybody).

• We added support for magazine banners in Mbin (which is also compatible with Lemmy Communities).

• Mbin combines the thread form into just one form (instead of having article, link, and photo having a separate form). Mbin now also federates bans correctly (both incoming and outgoing bans).

• Global mods can now manage (view, approve and/or deny) account signups. Global mods can now also receive signup notifications, which will also come with a new menu item in the drop-down menu.

• Plus various other bug fixes and CSS layout improvements, ban notification fixes, and too many other fixes to mention here.

Hey all, Hoping to find someone who's been in a similar boat and was able to solve this. I am consistently getting a 500 Internal Server Error, but only when visiting /all on mobile (including the mobile "app"). I tried logging out and back in again. When I am logged out, /all works fine, but when I log back in I get the 500 error again.

Ideas?

Title. A story from maga.place showed up on my feed. Thank you.

Sorry that kbin.earth has been down today. Apparently, several people had issues yesterday, but I hadn't realized the full extent due to Matrix severely delaying my notifications.

The server unfortunately crashed while I was unavailable for the day, so I wasn't aware of the issue and couldn't fix it till I got back.

As an aside and general note for everyone, I don't intend on ever shutting down kbin.earth without notice. I also don't intend on completely disappearing either; I don't want people needing to wonder if something happened to me. If I plan to shut down kbin.earth (which I don't btw), I will give as much warning in advance as I can. (I'm not going to be a repeat of kbin.run)

Today only occurred due to an unfortunate combination of technology issues (my failure to receive Matrix notifications and the server crashing) and unavailability.

Again, sorry for the inconvenience. Best regards.

Over the last days and especially today I noticed quite a lag in federation from other instances. Comments and votes to my threads show up after half an hour or more.

I don't that much of an issue with this (as long as the stuff is federated at all), but maybe @jwr1@kbin.earth should check if the server is experiencing some underlying problems.

Sorry guys, but the spam users are getting out of hand. I've had multiple users (probably the same person) register for accounts and post digital art (in multiple communities) that sexualizes children, which I do not condone at all. Of course, they had to go and ruin it for any genuine person who wants to register.

Let me take a moment to restate the rules (which are always listed on the about page). They are simply: be respectful, no spam or advertisements, and no pornography or explicit content. Hopefully, it's implied that any content that could even be mistaken for CSAM is prohibited. If you have any questions or concerns about the rules, don't hesitate to reach out.

That being said, the only difference with registration is that you now have to fill out a text field explaining why you want to join the server, and then you have to wait for manual approval by an admin.

Since manual approval is now required, I am looking for a third admin who thinks they could help out, as I am not available all the time. Ideally someone who has already been using kbin.earth for a while and is decently active.

I see a new spam account among the new users section, but I don't see a way to report their profile? They don't have any comments, threads, or posts yet so I can't use the report functions there. Any ideas?

Hey all, I have been having problems getting offsite images to load via the image markup in comments. I see other Fediverse instances allow users to upload images directly, is that a feature that is active on KBin.Earth? If so how do I use it? I'm mainly using Interstellar as my client.

Thanks!

ClientException: Request failed with status 400: Bad Request: ("type":"https:VV tools.ietf.org/htmlV rfc2616#section-10","title":"An error occurred","status":400,"detail":"Bad Request"), uri=https://kbin.earth/api/ magazine/1/posts

Any hints what's up? Is my post too long?

Crossposted from https://gehirneimer.de/m/updates@kbin.melroy.org/t/766866/Mbin-security-disclosure

As most of the servers listed on the fediverse.observer and fedidb are not at v1.8.3 anymore, we need to talk about the security patch we released as part of v1.8.4. We have tried to get in touch with the remaining instance admins and gave them a week to update their instances.

In v1.8.3 a bug was introduced that caused a significant information leak on the user outbox endpoint, reachable through https://mbin.instance/u/username/outbox. This endpoint contains all public activities of a user. On servers running v1.8.3. this endpoint did not return JSON in an ActivityPub compatible format, but just serialized data. This serialized data contained nearly every bit of data Mbin has about a user: the IP, the email address, the private key to sign activities from this user, securely hashed passwords, 2FA secret and backup codes, etc. We think it is unlikely that someone made use of this, as this endpoint is not commonly used. Other ActivityPub software of course uses this endpoint to fetch data, but if that data is not in a compatible format it just ignores it.

We are very sorry about this and honestly very frustrated that it slipped by.

What can users do

The only thing you can really do is to change your password and two factor authentication (disable and re-enable it).

What can admins do

You could check your access logs for any requests on this endpoint not coming from a known fediverse software to research your instance specific instance.

What did we do / What are we going to do

To prevent this from happening again we introduced automated tests on that endpoint and will do so on similar new endpoints (like a magazine outbox) in the future.

We will also add a new command next release to generate new private keys for all users to prevent impersonation. However that might cause rejected activities for up to 24 hours. Every software we checked updates remote users at least every 24 hours including re-fetching the private key.

I am on a short break while driving, so I won't be able to reply. Somehow I am getting notifications like replies to comments, in threads and magazines where those notifications are off, I haven't participated. This started sometime in the wee hours Eastern USA time zone.

Thank you for your thread @green_copper, I have been looking into the issue and figured out one of the commits recently pushed to Mbin was borked (which I had updated to yesterday). I've reverted the commit and that seems to have fixed things.

The server is now working at max capacity to catch back up on federation, but it could take over a few hours, as the queue had over a million messages built up.

Thanks!

Since yesterday no external posts come in and also the votes are not synced.

Is it just me and if not is there already a suspicion what may cause this?

Exactly the title. I was considering setting up a PieFed server since that seems to be all the rage, and I thought I'd ask if y'all would have any interest in that.

It would be run with exactly the same polices as kbin.earth is run: lite defederation, be respectful, no spam, and no porn.

To add some info, PieFed doesn't have microblog capabilities yet, but it does have quite a lot of features that Mbin does not have, such as Feeds (combined community views), and the moderation/administration tools seem to be off the scale (in a good way).

I will admit, PieFed's API is nowhere near as mature as Mbin's, and definitely not Lemmy's, because that's just not what the PieFed developers are focusing on. Interstellar does provide PieFed support though.

Over the past week, I've seen the network traffic more than double from the usual amount, which has caused major noticeable slowdowns here. The total network bandwidth has gone from ~25GB on May 10th to ~58GB today.

I'm currently investigating the cause of the spike, but have not found anything yet. I can only assume it's from some form of DDOS attack.

In the meantime, I have temporarily doubled our server resources to account for the increased strain, which will hopefully reduce the number of slowdowns everybody's encountering. I'm hoping that sometime in the next few days, I will be able to figure out the root cause of the issue so we can get things back to normal.

Thank you for your patience.

Hello, thanks so much for this instance. Twice from two different instances now, I can see and reply to posts, then not see other comments or my own replies in the thread shown to me unless someone directly replies to me, or I visit the original URL.

lemm.ee and Lemmy.ca

Thank you all for your patience, and sorry for the huge downtime. I think it ended up being down about 40 minutes or so.

Luckily, I was able to get kbin.earth migrated over to the new Mbin Docker setup! This new setup means the Docker is now officially supported by Mbin, whereas it wasn't really recommended before.

And this new Docker setup was actually made in-house by ... me! I guess I'm officially an Mbin contributor now :)

Anyway, the other big thing I accomplished was upgrading the Postgres major version from 13 to 17 (the latest), which is quite a big jump! Actually, this database upgrade was really what took so long; the migration could have been done in ~5 minutes otherwise.

As always, let me know if you notice any peculiarities or issues caused by this migration.

...

JK, but happy April 1st to everybody!

I had a pm suggesting that 2010s Music,

"would do better if it actually had the word "music" in the /c name, i.e. !2010smusic"

https://kbin.earth/m/2010s

Is there a possibility to change it or do I have to delete and create a new magazine? TIA

I stuck it out on kbin.social for as long as it lasted, and just sort of swore off social media after it finally went under. Yet here I am...

So does anyone have the "let me explain, no there is too much, let me sum up" of the last 2 years? What sexy new features did mbin pick up while I was gone?

I noticed pages were taking a bit longer than expected to load, so I ended up upgrading to a new server. It already seems faster (and let's hope it stays that way too). As always, let me know if you notice any peculiarities that might have been caused by the upgrade.

It brings an extensive bookmarking system, signup request support, signup notifications, extended markdown rendering, custom notification settings to set magazines, users, threads and microblogs to default, loud or muted, setting a default sort for the front page and comment lists, a new image delete command for admins and documentation changes.

See this thread for a detailed review of the update: https://gehirneimer.de/m/mbinReleases/t/486586

As a reminder, if you'd like to help support the kbin.earth instance financially, there are a few donation links in the about page.

Also, for those who use Interstellar, expect an update sometime soon that will utilize some of these new features. Unfortunately, there is a bug in the Mbin API that will not let me add custom notification settings controls quite yet to Interstellar, but bookmarking in the app will be supported.

Over the last week, I tried to create two posts in a lemmy.world magazine. Both of them never showed up in the magazine when looked up outside of kbin.earth.

So I am interested in if I am the only one with this issue or if this is a wider known problem?

Hello,

I hope this is the scope of this community. I was having a look at https://mbin.fediverse.observer/list, and kbin.earth being the second biggest mbin instance got me curious: where is the instance hosted? I had a look at the "About" page, but it didn't mention it.

Thank you for your work with this instance!

Over the past 2 days, kbin.earth has been returning server errors on occasion (due to various reasons), making kbin.earth inaccessible. I have been looking into it but haven't found the root cause of the issue yet. Please bear with me while I investigate.

If you'd like to follow along with the status, you can join the kbin.earth matrix room. Reporting whenever you notice an error/outage also helps.

Thanks