TNG 2x17 - Samaritan Snare

Either he didn't take the improve elective or the Pakleds were just sucking all the smart out of the room.

Problem

One of the things that annoys me about Tesseract is that preferences, groups, and favorites are not synced between devices.

The user preference keys available in the Lemmy API don't even begin to scratch the surface of what Tesseract needs to store, so to date, it has only exposed the API-based user settings that affect the behavior of the API (show bot accounts, is bot account, return unread posts only, etc). Every other setting as well as groups/favorites, are stored in the browser's local storage.

For a long time, Tesseract has had a very hacky "solution" where Tesseract can (manually) backup and restore its settings to Lemmy by abusing the theme preference since it's a text column in the database (the settings get serialized to a JSON string and replace the value of the theme setting). That's typically how I sync my settings across devices. However, that's not ideal, breaks Lemmy-UI for your account until you restore it to a valid value, and is susceptible to the whims of the Lemmy devs who tend to break everything I try to do because "that's not how Lemmy-UI does things".

The other option implemented currently is manually downloading / restoring a JSON file and syncing that between devices manually.

Neither of those are great, but they do work.

Solutions?

I'm looking for a solution that would allow only authorized users to POST/GET their own user settings, etc while minimizing overhead for the user. Basically, I want it to be as seamless as possible. I've listed a couple of options on which I'm looking for feedback, possible gotchas, etc. Other suggestions are welcome as well.

Option 1: Utilize the Lemmy JWT

Send the Authorization: Bearer {JWT} header to Tesseract's internal API the same way it's sent to the Lemmy API.

Pros

1. Least amount of overhead for end-users
2. Seamless integration
3. Easy to implement

Cons

1. Some admins may not be comfortable plugging their JWT secret into a 3rd party app
2. Would only work with the default instance Tesseract is deployed to
3. If Tesseract is deployed "unlocked" to allow adding accounts from other instances, only the account on the "main" instance would be able to use settings sync.
4. Would not work for a shared/hosted instance that's open to everyone

Option 2: DM-Based Auth Tokens

After a successful login (to any instance), Tesseract generates and sends a DM to the user with an auth token. That token would then be entered into the app settings (or perhaps picked up automatically by an app handler and automatically inserted?).

Pros

1. Used by other Fediverse apps (Canvas and Fediseer, for example) and seems to be a valid method of cross-instance authentication
2. Would allow multiple accounts on different instances to authenticate
3. Relatively seamless if the auth tokens can be automatically intercepted and stored by the app itself (rather than requiring the user to copy it from the DM and insert it into the app settings).

Cons

1. More complex; Tesseract doesn't currently have the ability to send ActivityPub messages directly, nor do I have experience on that front. Alternatively, the admin who deploys Tesseract would need to provision a "service" account on the default instance, and DMs would be sent via the Lemmy API.
2. ???

Other Options

If you have any other suggestions, I'm all ears. Most of my experience with authz is in an enterprise environment (LDAP/OAuth) or with a single source of truth for user accounts. I try to never half-ass authz implementations, and this is no exception. If I can't make it secure and relatively seamless for the user, then I won't implement it at all.

TNG 2x15 Pen Pals

1.4.29

Note: I fixed the typos that are visible in the screenshots (they were all taken when I was testing)

This release brings bugfixes, proper rendering of custom emojis, and enhanced UX during the login process. Also, admins can now preset a template to be used in registration application denials.

Bugfixes

• Tweaked font sizing a bit so that H3/H4 heading differences are more pronounced.

• Added meta header to instruct Dark Reader to ignore the app. It's got automatic and manual toggle for dark mode (system preference or manual toggle), and DR doesn't render it correctly when it's enabled.

• Code spans inline with ! and @ community/user links cause the user/community links to not render

• Opening outside links in the same tab and returning back was causing lifecycle issues

  • Outside links now always open in new tab, "open links in new tab" option has been removed (open posts is new tab is still available though).

• Collapsing/Expanding the sidebars no longer collapse/expand inbox/report/application items to the default state

• Add route at /registration_applications to redirect to /admin/applications so the link in the "{User} has applied to join {instance}" emails from the API work if Tesseract is replacing Lemmy-UI.

• When updating community info/settings, any cached getCommunity details for that community is updated.

• Custom emojis are no longer treated the same as regular markdown images. Now display inline at 24x24 px.

New Features/Enhancements

Favicon Uses the Instances's Icon

Favicon uses the instance's site icon rather than the static Tesseract logo. Automatically changes if you switch instances and falls back to the Tesseract logo if no site icon is available.

Custom Emojis Are Now Rendered Properly

I had been content to let custom emojis be treated as regular images since many instances just use them as quick selectors for reaction GIFs (mine included). However, it was requested that I handle them properly, so I finally am. One bonus is that even though they're tiny now, they're still zoomable if you click on them.

If you want it to appear as a regular image, just remove the "shortcode" from the link URL:

• Before: ![A sign language interpreter making a jerk-off motion and rolling their eyes.](https://image.url/1.gif "jerkoff")
• After: ![A sign language interpreter making a jerk-off motion and rolling their eyes.](https://image.url/1.gif)

Better Login UX

Now has cleaner error messages if there is an error during login:

• Invalid username/password
• Invalid / expired / missing TOTP token
• Modals with additional info for non-standard login errors (registration pending/denied, banned)

| Invalid User/Pass | Invalid TOTP | |

|

| | | |

Registration Application Deny Reason Now Shown During Login

If a user whose registration application was denied attempts to log in, instead of a generic toast error message, a modal will pop up informing them that their application was denied along with the reason provided.

The reason is rendered as markdown, so if you include links for appeals, follow-ups, etc, those will be actionable.

Registration Pending Indicator During Login

If a user tries to log in while their registration application is pending, instead of a small toast error, a modal will pop up with a more detailed and user-friendly explanation.

Banned Indicator During Login

If someone has been banned from the instance, instead of a generic login failed toast, a modal will pop up with a more detailed explanation.

The modal will also try to fetch that user's details from the modlog to display whether the ban is temporary or permanent, the reason, and, if temporary, the expiration date.

Admins Can Now Set Application Rejection Preset Reason

In Settings -> Moderation, admins will see a new section called "Registration Application Deny Template". This allows you to pre-set a reason for registration application denials that can be one-clicked into the deny reason on the Applications page.

Get Tesseract

Docker

• ghcr.io/asimons04/tesseract:1.4.29
• ghcr.io/asimons04/tesseract:v1.4.29
• ghcr.io/asimons04/tesseract:latest

Links

• Github: https://github.com/asimons04/tesseract
• Hosted Instance https://tesseract.dubvee.org

Affected Versions: 1.4.21 - 1.4.28

Problem

Clicking an outside link from the feed and opening it in the same tab brings you back to an empty feed requiring a full refresh of the app.

Details

Navigating to an outside link in the same tab is treated the same as refreshing the page. This triggers, among other cleanup tasks, the memory optimizations that flush the feed, but, after navigating back from an outside link, the page is not triggering the handlers to re-create the feed.

Workaround

From the feed, click the Gear icon to load the quick settings. Enable the option "Open Links in New Tab".

Fix Status

There are a few ways to fix this, but removing the memory optimizations from the "refresh" handler is the easiest. I'm testing that in dev right now. I have other optimizations which may make these redundant, so if I am able to remove them, it both solves this issue and simplifies the code.

If those are needed, then I'm going to have to come up with another way to detect a page refresh that doesn't also trigger when navigating to an outside link (or at least some clean way to differentiate the two actions).

Curious if this would have any noticeable energy savings. Basically thinking of taking old semi-disposable plastic containers (the ones that like deli meat, butter, etc come in), freezing them outdoors, and letting them defrost (absorb heat) in the fridge/freezer. Basically back to the "ice box" model.

Anybody doing that and/or have any results to share? Mostly curious if it would be worth the effort.

Cross-posted from "Caving in Trout Cave, West Virginia" by @m_[email protected] in [email protected]

If you’ve used the Espressif series of processors, perhaps you’ll have heard of their upcoming ESP32-P4. This is an application processor, with dual RISC-V cores at 400 MHz, and save for a lack of an MMU, a spec sheet much closer to the kind of silicon you’d find in single board computers with pretensions towards being a mini-PC.

The Tanmatsu (Japanese for “Terminal”) is an all-in-one palmtop computer for hackers, with a QWERTY keyboard and an 800×480 DSI display. It’s designed with plenty of expansion in mind, and it’s got space on board for a LoRa radio. The reason we’re interested is that it comes from some of our friends in the world of event badges, so we’ve seen and handled real working prototypes, and we know that its makers come from a team with a proven record in manufacture and delivery of working hardware. The prototype we saw had hardware that was very close to the final version, and an operating system and software that was still under development but on track for the April release of the device. It will be fully open-source in both hardware and software.

Austin St. John and Walter Emanuel Jones, who played Red and Black Rangers Zack and Jason, recently opened up about their experience being catapulted to '90s superstardom... and seeing very little in return.

It’s long been known that, despite Power Rangers‘ overnight success, its behind-the-scenes drama saw its cast and crew earn very little of the blockbuster cash the series brought in as it exploded in the early ’90s. But in a new video together, two of the original members of the Mighty Morphin’ team opened up about just how sketchily they were treated, both before and after Saban realized the phenomenon it had in its Spandex-clad hands.

The woman reportedly screamed out in pain as she was being taken out of the machine.

An anonymous medical provider reported the strange incident to the Food and Drug Administration in April 2023, though it’s received renewed media attention this week. The 22-year-old woman reportedly screamed out in pain as she was pulled out of the magnetic resonance imaging (MRI) machine following a scan, which then prompted her delayed admission of having had a “butt plug” inserted.

The post image shows Tesseract in dark mode with the Dark Reader extension active. It's not supposed to look like that lol. In the SpaceX post, the text should be legible with a gradient effect, but DarkReader breaks that. Also, the borders should not be anywhere near that pronounced.

This is how it's supposed to look in native dark mode

Native light mode + Dark Reader looks kind-of okay (I may even adjust the native color scheme to be closer to that), but it still breaks the gradient effect on collapsed post previews and makes some buttons appear disabled:

You can disable Dark Reader on a per-site basis, and it's recommended to do so for Tesseract. Customizing the native themes to work better with Dark Reader is obviously not a priority since there is a native dark theme already lol.

Edit: I found there's a way for the app to tell Dark Reader to disable, and I have that added to the dev branch. I'm working on making that "disable" header dynamic, but for now, I'm fine with statically disabling it.

Cross-posted from "1.4.28 Released" by @[email protected] in [email protected]

1.4.28

Note: I only crosspost release info here when there are new features worth mentioning, so I copied over some of the notes from the previous release that I didn't post. Also, the image is just the only clearly visible new feature (formatting help/cheatsheet). I added that just so it would roll-up the two announcement posts into cross-posts.

This release brings a few bugfixes and several quality of life improvements. Also, mods are now able to see the votes on submissions to their communities (if their instance is on 0.19.4 or above).

Bugfixes

• [Bug/Annoyance] When highlighting text in the markdown editor and using the toolbar buttons (e.g. highlight a word and click "bold"), the text area would annoyingly scroll to the bottom. No longer does it do that.
• [Bug] Default moderation template had a missing piece (community) and didn't really make sense.
• [Bug] Don't poll notifications from Notification system timer handler if no active profile. The poll function didn't actually run, but no reason to call it if no profile
• [Bug] Usernames in direct message headers were improperly truncating
• [Regression] The 'Filter Annoying CC Licenses on Comments' option wasn't working since the markdown pre-processor re-write.
• [Bug] Ensure post titles are not linkified. This includes both regular URLs in the title (typically flotsam from Mastodon) and unwanted mailto:[email protected] email links when the titles contain [[email protected]](/c/[email protected]) or @[email protected].
• [Bug] Dynamically import separate CSS themes for HighlightJS depending on app theme. Makes code blocks easier to read since the default styling assumed light theme.
  • Known Quirk: Unfortunately, this is not reactive to changing the app theme without refreshing the page.

Minor Changes

• [Settings] Moved inbox/notification related settings to new section in /settings page.
• [Notifications] Notification poll interval is now configurable
• [Infrastructure] Removed unused settings key for notificaiton rate
• [Infrastructure] Can now specify section URL param on /settings page to open the specific panel (useful for linking to a settings section; yet to be implemented elsewhere)
• [Direct Messages] Updated the message header to be more email-like
• Can now set an option to expand all inbox, reports, and/or registration applications by default.

Vote Viewer Now Available to Mods

If connected to an instance running API 0.19.4 or higher, the vote viewer is now available to mods for items in their communities. I had always planned for it to be, but I wasn't aware that had been implemented in the API already. Apparently it's been available to mods at the API-level since 0.19.4 (thanks @[email protected] for pointing that out).

For those unaware, the vote viewer is accessible from the Moderation Modal -> View Votes... button.

Link Menu / Alternate Source Selector

The link menu / alternate source selector for YouTube-like videos now lists all user-defined Piped/Invidious instances instead of a single, static link to the currently-selected instance.

Added "RemovePaywalls.com" as an option in the archive link selector

Community Profile Modals

Post Drafts Less Likely to be Accidentally Lost

When creating a post in the community profile modal, the "Return to Home" back arrow will now prompt you for confirmation if there is anything in the post form. Helps prevent accidental loss of post draft via mis-click.

Upload Cleanup

When clicking the "return to home" button from the "Create Post" panel, the resetForm function from the post form will be called which will take care of cleaning up any uploaded media that would otherwise be abandoned.

Markdown Editor

Added new buttons to the toolbar

• Insert User Link
• Insert Community Link
• Table
• Code Block
• Formatting Help

The "Insert User/Community Link" buttons will let you search for a user and/or community and insert links to them in the body at the current cursor position. The inserted links are in the @[email protected] / [[email protected]](/c/[email protected]) format. Inline auto-complete is in the works but needs to bake a little longer.

The "Table" button will create a markdown table template.

The Code Block button is a menu which will let you select the lanaguage (or plaintext/other).

The Formatting Help button will load a modal with a markdown cheatsheet.

Toolbar Now Reflows

The markdown editor toolbar (with the formatting, emoji, image, etc) buttons will now reflow on mobile/small width screens rather than scroll horizontally.

Various Tweaks to Markdown Editor

1. Heading button is now a menu; can select headings 1 through 4
2. Fixed bug where highlighting text and using the toolbar buttons would always scroll it to the bottom
3. Numbered and bullet lists now give you three entries
4. On spoiler, code block, and lists, the cursor now goes to inside the block or in position for the first list item (respectively)
5. Highlighting text and clicking the "Link" button will now automatically put the text into the link label. For example, if you highlight the text "Home" and clicked link:

• Old behavior: Home -> [Label](url)Home
• New behavior: Home -> [Home](url)

Get Tesseract

Docker

• ghcr.io/asimons04/tesseract:1.4.28
• ghcr.io/asimons04/tesseract:v1.4.28
• ghcr.io/asimons04/tesseract:latest

Links

• Github: https://github.com/asimons04/tesseract
• Hosted Instance https://tesseract.dubvee.org