In anticipation of Lemmy’s upcoming 0.19 release, and to work out any final issues, we’re going to deploy a test release on lemmy.ml within the next few days.
We’re doing this testing on lemmy.ml only, so that we can encounter any issues before the release, and to make sure the upgrade process is smooth for other production servers.
Some of the following will happen during the process:
- Apps will likely break (only for lemmy.ml)
- Lemmy.ml may experience some downtime for the upgrade to complete (ideally no more than an hour).
- If anything goes wrong, we may have to restore from a database backup, meaning content made in between backups may be lost.
If all goes well, we’ll have an official announcement for the release after this testing period.
I apologize for the difficulties this might cause. At most this will be a week of hair-pulling, but its vital that we catch any issues before telling other servers to upgrade.
I seem to have been screwed over by TOTP.
Hearing that this update was supposed to make borking your account harder to do when setting it up, I enabled it. Put the secret in my authenticator app, got my six digit code, and away I went.
Now, a few days later, having changed nothing on my end, Lemmy.ml won’t accept my TOTP code. My session token on desktop is expired so I can’t remove it now.
Currently my only lifeline to this account is my logged in session in Voyager, which, as far as I can tell, cannot access the TOTP setting. (Or any profile setting, for that matter… am I just stupid?)
No email to recover from, either. That’s on me, I guess. Ugh.
Not sure what my recourse is, if I even have any.
Have you tried logging in through other apps to see if they’ll take your TOTP?
Connect, Sync, and Boost all told me to go kick rocks.
Evidently, whatever happened, it doesn’t seem to be an issue with your platform.
Ok, and you’re getting a new 6-digit code from your authenticator app every time you attempt to log in?
Yes.
I noticed my authenticator app (KeePassXC) offers the ability to customize the TOTP parameters (SHA function, time step, code size). But no combination of settings seems to produce a valid code.
I assume Lemmy uses the suggested defaults in the RFC 6238 standard?
I think using an authenticator app capable of generating codes using SHA256 might do the trick if you have any possibility to try that.