Why am I signed out every time I open this? Why can I hardly post anything anywhere? It’s like a dice roll.

    • Pika@lemmy.world
      link
      fedilink
      English
      arrow-up
      14
      ·
      1 year ago

      According to the support Community this was fixed about an hour and a half ago, but I continued to have issues I had to manually log out again and log back in to fix it

    • wpuckering@lm.williampuckering.com
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      17
      ·
      edit-2
      1 year ago

      I guess they don’t really know what they’re doing and are learning how load balancing works on the fly, and thinking that’ll result in HA without side-effects without further work.

      EDIT: Don’t really get why this was downvoted. With the proper technical knowledge it’s clear to anybody that two instances with different JWT secrets behind a load balancer is going to cause this very issue. So the fact that they set it up that way means they have a knowledge gap (“they don’t really know what they’re doing”). At the very least they should enable sticky sessions on the load balancer if they insist on going this route, which would mitigate the issue (but depending on client-side configuration would not necessarily prevent it completely).

      Don’t take this as an insult towards the admins of the instance, I’m just pointing out there’s a lack of knowledge, and some trial-and-error going on.

  • fubo@lemmy.world
    link
    fedilink
    English
    arrow-up
    14
    ·
    1 year ago

    Server-side authentication bug; maybe fallout from the recent attack? I’d expect instability for the next day or so as auth & related problems shake out.

      • fubo@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        1 year ago

        https://lemmy.world/post/1290412

        Summary: Attacker found a way to inject JavaScript into the sidebar, letting them steal auth tokens (“JWTs”), including from an admin account. They then used the stolen admin access to vandalize the site. At one point, the attacker used the stolen admin account to falsely announce that the attack had been remediated. Later that day, the attack actually was remediated by the site owner (Ruud) and the vulnerability was patched in the Lemmy code.

      • fubo@lemmy.world
        link
        fedilink
        arrow-up
        22
        arrow-down
        1
        ·
        1 year ago

        Production services are actually fuckin’ goddamn difficult, and I add another swear to this comment for every time I have to try reposting it.

        • Laxaria@lemmy.world
          link
          fedilink
          arrow-up
          12
          ·
          1 year ago

          Yep lemmy.world is live (stress) testing in production. It has its benefits, like when a set of patches were committed to vastly improve performance that was a big problem on a huge instance like lemmy.world but not on the smaller ones, and its downsides with all the random issues that pop up which happen when testing live in production.

      • puppy@lemmy.world
        link
        fedilink
        arrow-up
        6
        ·
        edit-2
        1 year ago

        Lemmy has been improved at light speed over the last couple of weeks. When I joined around 3 weeks ago everything felt prototype-like. But now lemmy.world back-end with Voyager front-end feels almost like Apollo quality. At this rate, it definitely will, in another couple of weeks.

  • Gormadt@lemmy.blahaj.zone
    link
    fedilink
    English
    arrow-up
    10
    ·
    1 year ago

    Different instances have different levels of stability

    Blahaj has been pretty stable for me except during the recent attack

    Beehaw has been kinda meh on stability

    Lemmy.ml has been pretty stable when I’ve used it

    Jerboa (the app I use to browse) has been hit or miss at times, but has been really stable since instances moved to 0.18.

  • xkforce@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Getting logged out randomly and having to submit comments multiple times for them to post sure is fun. /s

  • Gutotito@kbin.social
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    Getting federation working as advertised is a pain in the ass. I ran a solo instance back when Mastodon was new, and there was no end to the nonsense it generated. That’s why I’m now subscribed to the instance @ernest is running. :)

    • RxBrad@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      Just setup my own Masto server for myself. My initial thought was, “Crap, I can’t follow anything by hashtag anymore,” since I’m the only user and nothing would get pulled in by federation.

      Then I learned about using https://relay.fedi.buzz to create a whole bunch of relays based on hashtags. And now it’s pretty much perfect for how I use it.

      My federation feed is just stuff I like, and my server doesn’t get filled with random crap from federating with hundreds of full-ass servers like typical relays give you.

  • fury@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    Reminds me of when I had to change my site’s login cookies from “session” cookies to “persistent” cookies because mobile browsers aggressively clear the session. I don’t know if that’s what was going on in this case.