Notices by Sharkey - Official Account (sharkey@shonk.social)

fireshonk and shonk-0
(firewall r630) and (worker server r730xd)

Hi! We've just released Sharkey 2024.11.2- It's a hotfix for a bug that could occur when scheduling a reply to a note. Happy new year!

With the new year just around the corner, we've got one last Sharkey release for 2024!

- Flash player! You can now attach .swf files to notes and play them back in the browser, using @ruffle@mastodon.gamedev.place, an Adobe Flash emulator.
- Scheduled notes, both through the web UI and through apps using the Mastodon API.
- Hostname contstraints for actors and activities are now slightly relaxed, restoring compatibility with Bridgy, an ActivityPub <-> AtProto bridge.
- Improved interoperability with other Fediverse software (Dislike activities are now handled, more types of "featured"/pinned activities are now allowed, activities interacting with other activities not known by the instance are no longer ignored).
- FriendlyCaptcha is now supported as a Captcha provider.
- You can now disable the RSS feed for your account.
- You can now disable the online status of your profile all together, rather than just making it always offline.
- Notes containing links to other notes (IE how Mastodon users might imitate quotes) are now rendered similarly to quotes.
- User profiles now show pinned notes by default when checking a profile, using the pinned notes tab.
- You can now configure the file permission bits used by locally-stored drive files via filePermissionBits.
- Poll edits are handled better.
- Profile edits are now only federated if the ActivityPub representation of their profile changes.
- Several improvements to error messages in logs.
- Enhanced ratelimiting logic.

Highlights of changes from Misskey:
- Users are now notified when their account is logged into from another device
- Users can now hide all their notes from logged-out users.
- Users can make past notes only visible to followers.
- If no administrators/moderators have logged in for a week, the instance will automatically switch to invite only.
- "Resolve report" and "forward report" are now separate actions.
- Animated MFM is now disabled if the browser is set to "reduced motion" mode

Possible surprises:
- If your timeline is jumping around a bit while scrolling, try going to "settings -> other -> experimental features -> enable render note skipping" and turn it off.
- During the 2024.9 release series, setting up allow-list federation may in fact have added those instances to the block list. Please double-check your allow-lists and block-lists.
- The sign-in flow for the web UI has changed (username and password are now input separately), which may break some bots or clients.
- The way themes are applied is slightly different now- previously, a theme setting accent became the CSS variable --accent, whereas now it becomes --MI_THEME-accent. Most users won't be affected by this, except those using custom CSS.

Special upgrade notes
- Instances setting CSPs via HTTP headers should add raw.esm.sh (for Flash playback) and cdn.jsdelivr.net (for FriendlyCaptcha) to their CSPs.
- A newer Node.js version is required- 22.11.0
- If you're not using Docker, you'll have to pnpm clean-all before pnpm install --frozen-lockfile, otherwise some modules will break.

Hi, we've just released version 2024.9.4 of Sharkey!

This release provides the following fixes:
- Most endpoints now have an explicit rate limit set on them, and the ones that don't use a global default. If any of these limits end up being too strict for practical use, please let the team know.
- Media proxy rate limits are now more relaxed.
- When note API responses are redacted due to being blocked by the user that posted them, the means by which the notes reactions are redacted is now slightly different, in order to prevent API breakage with Aria (and presumably other apps).

Hi, we've just made a critical security update for Sharkey- version 2024.9.3. This release contains fixes for the previously announced security vulnerabilities affecting Misskey, Sharkey, IceShrimp.js, and Firefish.

IMPORTANT: Misskey, Iceshrimp.js, and Firefish users should also look for the security release for your software, as they are also affected by these CVEs!

Hi, we've just made a security update for Sharkey- version 2024.9.2. This release fixes an actively abused DoS exploit in the media proxy.

NOTE: This is a different security vulnerability to the ones previously announced here. The patches for those vulnerabilities will be released tomorrow, as mentioned in the announcement.

Hello everyone, the Sharkey project has been quiet due to our ongoing efforts to patch major security vulnerabilities in coordination with Firefish, Iceshrimp.js, and upstream Misskey. On Wednesday, November 20th, 2024, our efforts will be finalized with a security release for all affected projects. It is of upmost importance to update your instance(s) to the latest version if you utilize any of the aforementioned software once the patches are released.

@puniko@mk.absturztau.be We will be making an official account on another instance, details will be announced in a bit.

Hello everyone.
Today we will be announcing the shutdown of Shonk Social.
Unfortunately, We do not have the time or resources to monitor or maintain this instance as well as we can with our main instances. As such, we have decided it's safer for everyone to migrate to a cozier instance.

You must migrate within 90 days from today - February 13th, 2025 will be the date Shonk.Social will shut down.

We invite you to check out Transfem Social, KitsuClub, Eepy Moe, PlasmaTrap among many other amazing sharkey instances.
This is NOT an invitation to advertise your instance.
Thank you for your support!
- Team Sharkey & Team Transfem

This is a big one, with numerous improvements!!

- We've got a new logo, made by @sneexy@booping.synth.download!
- A new following view, inspired by Cohost's following feed.
- Links to external sites now show a confirmation prompt (that can be disabled if the user chooses)
- Cat-speak can be disabled for other users notes.
- Avatar decorations can now be placed behind the avatar, courtesy of @CenTdemeern1@eepy.moe.
- Remote polls can now be refreshed by logged-in users.
- User profiles show the latest notes by default, with a tab for pinned notes.
- Users can now see their pending follow requests.
- Note attachments can now be properly navigated via keyboard.
- Users can now choose to mark their uploaded files as NSFW automatically (on their own, without the instance admin forcing all of their uploaded files to be marked as NSFW).
- Rejecting a new user's signup request frees up the username they used for use by other users.
- Admins can now have more control over the maximum sizes for notes; body, cw, and alt text can have their limits set individually. Separate limits can be set for remote instances, too!
- Moderators can now delete all files from a remote instance, courtesy of @privateger@plasmatrap.com.
- Local system accounts can no longer be deleted.
- Information about remote instances now includes following relationships, and actions that break federation will show how many relationships will be severed by those actions, also courtesy of privateger.
- When an instance is blocked or silenced because it's on a subdomain of a blocked/silenced domain, admins are given a clear message about why, and the buttons to un-block/un-silence are disabled instead of being useless.
- Reports from specific instances can now be automatically rejected.
- Abuse reports are now rendered better on small form-factors.
- Abuse reports now federate correctly with Akkoma & Pleroma.
- Welcome page & sidebar can have their own image instead of sharing the instance icon, so an instance can have a big fancy logo, without having to fork Sharkey, courtesy of @piuvas@capivarinha.club.
- If an instances donation link is set to Open Collective, supporters will be shown on the instances about page.

Noteworthy upstream changes:
- There is now a dedicated view for embedding notes & timelines on other websites via iframes.
- Allow-list federation is now supported.
- Users can now set a message to be sent to new followers when their follow requests have been accepted.
- The list of blocked & silenced instances is now inside the "moderation" section of the admin control panel.

Possible Suprises:
- The client setting "other -> experimental features -> enable condensed line for acct" finally does something- it compresses usernames horizontally instead of truncating them. Previously this setting did nothing for several releases, so some users may have enabled it and forgot about it.

View the full release notes (including upgrade instructions) here!
Also, please untag the people who are mentioned in this post before replying!!

We've just released version 2024.8.2 of Sharkey!

And this time, it actually uses less memory...

Of interest to admins:
- A pretty bad memory leak has been fixed. It was caused due to a leak that can sometimes occur in happy-dom if you don't explicitly call DetachedWindowAPI.close after you are done using a Window.
- Sponsor information is now powered by OpenCollective.

@fexplorer@procial.tchncs.de right now, our primary discussion space is held on discord, though we may create other spaces in the future.

@fexplorer@procial.tchncs.de @matrix@mastodon.matrix.org we'll keep that in mind when looking into future Sharkey spaces.

if you’re looking for a mobile app to use with Sharkey consider trying out @aria_app@misskey.io it’s available on iOS, android as well as MacOS, Linux and Windows

it doesn’t support some Sharkey specific features (such as edit notifications and profile background’s also the ui looks like the Misskey one) and it works pretty well and is overall a very good client even when using it with Sharkey

Alternately you can also try out the following apps though they are a lot more limited

Kaiteki - Android
Kimis - iOS

please welcome @julia@eepy.moe as the new lead of the sharkey project.

@BeAware@social.beaware.live you can find s3 settings in the admin panel :3

We have just released version 2024.3.3 we recommend updating sharkey as it includes a security fix

changes of the update:
- a security fix for a defect in the validation of JSON-LD signatures that could lead to account takeover
- non-ascii characters are now allowed in custom emoji names (please don't go too wild, other instances may not recognise the names)
- UI language is now saved and restored in "preferences backup"
- embedding a CW-ed note on other sites now only shows the CW, not the whole note
- various imports, and the generation of movie thumbnails, are once again working
- ranged requests to proxied files are now correctly handled (should improve video playback on iOS)
- the modtracker player is now loaded on-demand, so the frontend loads faster
- floating UI windows now render custom emojis in the titlebar
- the "word mute" feature now includes poll choices and image alt-texts
- custom emoji should look better in admin panel
- un-pinning emojis from the selector pop-up works better
- editing a note to add/remove an attachment, or the edit alt-text, works properly now
- instance description and server rules can now contain more HTML (images, centered text, details/summary, styled links)
- clearing cached files from drive should be more reliable
- all paginated views (e.g. timelines, various admin pages) should be more stable and not randomly drop items

⚠️IMPORTANT SECURITY UPDATE, PLEASE BOOST THIS POST⚠️

Please update your Sharkey to version 2024.3.2, there has been some security fixes to ensure validation of remote users and activities

this is a minor release mostly just for the security fixes

changes of this release:
- prohibited words are now correctly checked when creating notes
- notes with CW are no longer shown on the welcome page for non-logged-in users
- database migrations should no longer timeout
- docker image improvements
- important security fixes

Important Note for Users that do NOT use S3 and that USE Docker

There have been some improvements made to the Docker images that should fix some issues with that the container now runs as a seperate Sharkey user with id 991:991 so its required to change ownership of the files directory to do that run the following in the directory where your docker-compose.yml file is# replace web with what ever you named the sharkey service if you changed the default docker compose file docker compose exec --user=root web chown -R sharkey:sharkey /sharkey/files
Important Note for everyone
please update immediately there is a scheduled downtime on April 6th during that time the Sharkey docker images and repo might be unavailable for more than 2 hours

Alright, I've been thinking. When life gives you Misskey, don't make a Misskey Fork - make life take the Misskey back! Get mad! I don't want your damn Misskey, what am I supposed to do with that? Demand to see life's manager. Make life rue the day it thought it could give Fedi Misskey. Do you know who I am? I'm the Network that's gonna burn your house down! With Misskey. I'm going to to get my engineers to invent combustible Misskey that burns your house down.

Release 2024.3.1 - Codename #NotDeadYet

It's been a long while since the last release, but alas here we are with another Release after 2 Months of waiting.

This release includes a lot of bug fixes, and not many big features unlike the last release.

Changes in this Release:
- fixed lines connecting replies
- added a hover effect to replies in the detailed view
- if a direct link to a note in a long thread is opened a highlight will show which post is being linked to
- added download buttons for audio and video attachments
- added ability to select tossface emoji
- added oneko, the cute cat that follows your mouse pointer
- added a warning that will show up if you try to post images without alt text (this can be turned off)
- when searching for emoji, the closest match is shown first
- added ability to disable notifications from achievements
- the AiScript "scratchpad" shows line numbers in the editor and in error messages
- added ability for admins to set an URL for donations
- for translations, DeepLX-JS is supported in addition to regular DeepL
- blocked / silenced / suspended instances will not be listed to non-logged-in users, this makes it harder to target your instance for harassment based on who you block
- added a notification for when someone edits a post you have been tagged in
- made several improvements to the Mod player that should make it faster
- fixed the bug that would cause Sharkey to not work on older IOS devices / Safari version
- alot of fixes have been made to muting and blocking
- signToActivityPubGet now defaults to true even if not set in the config
- import from twitter decodes < etc
- reworked the boost visibility selector (only shows values that you can use, "local" is a separate switch)
- import from mastodon keeps alt text
- expandAllCws also expands all long posts on first click

in addition all the new features and bug fixes from the latest Misskey releases til 2024.3.1 have also been added.

Important Note for Users that have migrated from FireFish

Misskey has brought back Reversii, but firefish has dropped related tables, you will have to recreate those tables, please use "BEGIN;" before running any of these, so if anything goes wrong your database doesn't end up in a broken state-- Misskey used to have a Reversi game, Firefish dropped the tables, -- now Misskey uses them again CREATE TABLE "reversi_game" ("id" character varying(32) NOT NULL, "createdAt" TIMESTAMP WITH TIME ZONE NOT NULL, "startedAt" TIMESTAMP WITH TIME ZONE, "user1Id" character varying(32) NOT NULL, "user2Id" character varying(32) NOT NULL, "user1Accepted" boolean NOT NULL DEFAULT false, "user2Accepted" boolean NOT NULL DEFAULT false, "black" integer, "isStarted" boolean NOT NULL DEFAULT false, "isEnded" boolean NOT NULL DEFAULT false, "winnerId" character varying(32), "surrendered" character varying(32), "logs" jsonb NOT NULL DEFAULT '[]', "map" character varying(64) array NOT NULL, "bw" character varying(32) NOT NULL, "isLlotheo" boolean NOT NULL DEFAULT false, "canPutEverywhere" boolean NOT NULL DEFAULT false, "loopedBoard" boolean NOT NULL DEFAULT false, "form1" jsonb DEFAULT null, "form2" jsonb DEFAULT null, "crc32" character varying(32), CONSTRAINT "PK_76b30eeba71b1193ad7c5311c3f" PRIMARY KEY ("id")); CREATE INDEX "IDX_b46ec40746efceac604142be1c" ON "reversi_game" ("createdAt"); CREATE TABLE "reversi_matching" ("id" character varying(32) NOT NULL, "createdAt" TIMESTAMP WITH TIME ZONE NOT NULL, "parentId" character varying(32) NOT NULL, "childId" character varying(32) NOT NULL, CONSTRAINT "PK_880bd0afbab232f21c8b9d146cf" PRIMARY KEY ("id")); CREATE INDEX "IDX_b604d92d6c7aec38627f6eaf16" ON "reversi_matching" ("createdAt"); CREATE INDEX "IDX_3b25402709dd9882048c2bbade" ON "reversi_matching" ("parentId"); CREATE INDEX "IDX_e247b23a3c9b45f89ec1299d06" ON "reversi_matching" ("childId");

EDIT: side note we are currently doing a fundraiser for buying server hardware for Sharkey and our instances, it would help alot if you could donate (referee to https://transfem.social/notes/9q4cf231u9w700o5 for more info)