Notices by Sharkey - Official Account (sharkey@shonk.social)

Hi, we've just made a critical security update for Sharkey- version 2024.9.3. This release contains fixes for the previously announced security vulnerabilities affecting Misskey, Sharkey, IceShrimp.js, and Firefish.

IMPORTANT: Misskey, Iceshrimp.js, and Firefish users should also look for the security release for your software, as they are also affected by these CVEs!

Hi, we've just made a security update for Sharkey- version 2024.9.2. This release fixes an actively abused DoS exploit in the media proxy.

NOTE: This is a different security vulnerability to the ones previously announced here. The patches for those vulnerabilities will be released tomorrow, as mentioned in the announcement.

Hello everyone, the Sharkey project has been quiet due to our ongoing efforts to patch major security vulnerabilities in coordination with Firefish, Iceshrimp.js, and upstream Misskey. On Wednesday, November 20th, 2024, our efforts will be finalized with a security release for all affected projects. It is of upmost importance to update your instance(s) to the latest version if you utilize any of the aforementioned software once the patches are released.

@puniko@mk.absturztau.be We will be making an official account on another instance, details will be announced in a bit.

Hello everyone.
Today we will be announcing the shutdown of Shonk Social.
Unfortunately, We do not have the time or resources to monitor or maintain this instance as well as we can with our main instances. As such, we have decided it's safer for everyone to migrate to a cozier instance.

You must migrate within 90 days from today - February 13th, 2025 will be the date Shonk.Social will shut down.

We invite you to check out Transfem Social, KitsuClub, Eepy Moe, PlasmaTrap among many other amazing sharkey instances.
This is NOT an invitation to advertise your instance.
Thank you for your support!
- Team Sharkey & Team Transfem

This is a big one, with numerous improvements!!

- We've got a new logo, made by @sneexy@booping.synth.download!
- A new following view, inspired by Cohost's following feed.
- Links to external sites now show a confirmation prompt (that can be disabled if the user chooses)
- Cat-speak can be disabled for other users notes.
- Avatar decorations can now be placed behind the avatar, courtesy of @CenTdemeern1@eepy.moe.
- Remote polls can now be refreshed by logged-in users.
- User profiles show the latest notes by default, with a tab for pinned notes.
- Users can now see their pending follow requests.
- Note attachments can now be properly navigated via keyboard.
- Users can now choose to mark their uploaded files as NSFW automatically (on their own, without the instance admin forcing all of their uploaded files to be marked as NSFW).
- Rejecting a new user's signup request frees up the username they used for use by other users.
- Admins can now have more control over the maximum sizes for notes; body, cw, and alt text can have their limits set individually. Separate limits can be set for remote instances, too!
- Moderators can now delete all files from a remote instance, courtesy of @privateger@plasmatrap.com.
- Local system accounts can no longer be deleted.
- Information about remote instances now includes following relationships, and actions that break federation will show how many relationships will be severed by those actions, also courtesy of privateger.
- When an instance is blocked or silenced because it's on a subdomain of a blocked/silenced domain, admins are given a clear message about why, and the buttons to un-block/un-silence are disabled instead of being useless.
- Reports from specific instances can now be automatically rejected.
- Abuse reports are now rendered better on small form-factors.
- Abuse reports now federate correctly with Akkoma & Pleroma.
- Welcome page & sidebar can have their own image instead of sharing the instance icon, so an instance can have a big fancy logo, without having to fork Sharkey, courtesy of @piuvas@capivarinha.club.
- If an instances donation link is set to Open Collective, supporters will be shown on the instances about page.

Noteworthy upstream changes:
- There is now a dedicated view for embedding notes & timelines on other websites via iframes.
- Allow-list federation is now supported.
- Users can now set a message to be sent to new followers when their follow requests have been accepted.
- The list of blocked & silenced instances is now inside the "moderation" section of the admin control panel.

Possible Suprises:
- The client setting "other -> experimental features -> enable condensed line for acct" finally does something- it compresses usernames horizontally instead of truncating them. Previously this setting did nothing for several releases, so some users may have enabled it and forgot about it.

View the full release notes (including upgrade instructions) here!
Also, please untag the people who are mentioned in this post before replying!!

We've just released version 2024.8.2 of Sharkey!

And this time, it actually uses less memory...

Of interest to admins:
- A pretty bad memory leak has been fixed. It was caused due to a leak that can sometimes occur in happy-dom if you don't explicitly call DetachedWindowAPI.close after you are done using a Window.
- Sponsor information is now powered by OpenCollective.

@fexplorer@procial.tchncs.de right now, our primary discussion space is held on discord, though we may create other spaces in the future.

@fexplorer@procial.tchncs.de @matrix@mastodon.matrix.org we'll keep that in mind when looking into future Sharkey spaces.

if you’re looking for a mobile app to use with Sharkey consider trying out @aria_app@misskey.io it’s available on iOS, android as well as MacOS, Linux and Windows

it doesn’t support some Sharkey specific features (such as edit notifications and profile background’s also the ui looks like the Misskey one) and it works pretty well and is overall a very good client even when using it with Sharkey

Alternately you can also try out the following apps though they are a lot more limited

Kaiteki - Android
Kimis - iOS

please welcome @julia@eepy.moe as the new lead of the sharkey project.

@BeAware@social.beaware.live you can find s3 settings in the admin panel :3

We have just released version 2024.3.3 we recommend updating sharkey as it includes a security fix

changes of the update:
- a security fix for a defect in the validation of JSON-LD signatures that could lead to account takeover
- non-ascii characters are now allowed in custom emoji names (please don't go too wild, other instances may not recognise the names)
- UI language is now saved and restored in "preferences backup"
- embedding a CW-ed note on other sites now only shows the CW, not the whole note
- various imports, and the generation of movie thumbnails, are once again working
- ranged requests to proxied files are now correctly handled (should improve video playback on iOS)
- the modtracker player is now loaded on-demand, so the frontend loads faster
- floating UI windows now render custom emojis in the titlebar
- the "word mute" feature now includes poll choices and image alt-texts
- custom emoji should look better in admin panel
- un-pinning emojis from the selector pop-up works better
- editing a note to add/remove an attachment, or the edit alt-text, works properly now
- instance description and server rules can now contain more HTML (images, centered text, details/summary, styled links)
- clearing cached files from drive should be more reliable
- all paginated views (e.g. timelines, various admin pages) should be more stable and not randomly drop items

⚠️IMPORTANT SECURITY UPDATE, PLEASE BOOST THIS POST⚠️

Please update your Sharkey to version 2024.3.2, there has been some security fixes to ensure validation of remote users and activities

this is a minor release mostly just for the security fixes

changes of this release:
- prohibited words are now correctly checked when creating notes
- notes with CW are no longer shown on the welcome page for non-logged-in users
- database migrations should no longer timeout
- docker image improvements
- important security fixes

Important Note for Users that do NOT use S3 and that USE Docker

There have been some improvements made to the Docker images that should fix some issues with that the container now runs as a seperate Sharkey user with id 991:991 so its required to change ownership of the files directory to do that run the following in the directory where your docker-compose.yml file is# replace web with what ever you named the sharkey service if you changed the default docker compose file docker compose exec --user=root web chown -R sharkey:sharkey /sharkey/files
Important Note for everyone
please update immediately there is a scheduled downtime on April 6th during that time the Sharkey docker images and repo might be unavailable for more than 2 hours

Alright, I've been thinking. When life gives you Misskey, don't make a Misskey Fork - make life take the Misskey back! Get mad! I don't want your damn Misskey, what am I supposed to do with that? Demand to see life's manager. Make life rue the day it thought it could give Fedi Misskey. Do you know who I am? I'm the Network that's gonna burn your house down! With Misskey. I'm going to to get my engineers to invent combustible Misskey that burns your house down.

Release 2024.3.1 - Codename #NotDeadYet

It's been a long while since the last release, but alas here we are with another Release after 2 Months of waiting.

This release includes a lot of bug fixes, and not many big features unlike the last release.

Changes in this Release:
- fixed lines connecting replies
- added a hover effect to replies in the detailed view
- if a direct link to a note in a long thread is opened a highlight will show which post is being linked to
- added download buttons for audio and video attachments
- added ability to select tossface emoji
- added oneko, the cute cat that follows your mouse pointer
- added a warning that will show up if you try to post images without alt text (this can be turned off)
- when searching for emoji, the closest match is shown first
- added ability to disable notifications from achievements
- the AiScript "scratchpad" shows line numbers in the editor and in error messages
- added ability for admins to set an URL for donations
- for translations, DeepLX-JS is supported in addition to regular DeepL
- blocked / silenced / suspended instances will not be listed to non-logged-in users, this makes it harder to target your instance for harassment based on who you block
- added a notification for when someone edits a post you have been tagged in
- made several improvements to the Mod player that should make it faster
- fixed the bug that would cause Sharkey to not work on older IOS devices / Safari version
- alot of fixes have been made to muting and blocking
- signToActivityPubGet now defaults to true even if not set in the config
- import from twitter decodes < etc
- reworked the boost visibility selector (only shows values that you can use, "local" is a separate switch)
- import from mastodon keeps alt text
- expandAllCws also expands all long posts on first click

in addition all the new features and bug fixes from the latest Misskey releases til 2024.3.1 have also been added.

Important Note for Users that have migrated from FireFish

Misskey has brought back Reversii, but firefish has dropped related tables, you will have to recreate those tables, please use "BEGIN;" before running any of these, so if anything goes wrong your database doesn't end up in a broken state-- Misskey used to have a Reversi game, Firefish dropped the tables, -- now Misskey uses them again CREATE TABLE "reversi_game" ("id" character varying(32) NOT NULL, "createdAt" TIMESTAMP WITH TIME ZONE NOT NULL, "startedAt" TIMESTAMP WITH TIME ZONE, "user1Id" character varying(32) NOT NULL, "user2Id" character varying(32) NOT NULL, "user1Accepted" boolean NOT NULL DEFAULT false, "user2Accepted" boolean NOT NULL DEFAULT false, "black" integer, "isStarted" boolean NOT NULL DEFAULT false, "isEnded" boolean NOT NULL DEFAULT false, "winnerId" character varying(32), "surrendered" character varying(32), "logs" jsonb NOT NULL DEFAULT '[]', "map" character varying(64) array NOT NULL, "bw" character varying(32) NOT NULL, "isLlotheo" boolean NOT NULL DEFAULT false, "canPutEverywhere" boolean NOT NULL DEFAULT false, "loopedBoard" boolean NOT NULL DEFAULT false, "form1" jsonb DEFAULT null, "form2" jsonb DEFAULT null, "crc32" character varying(32), CONSTRAINT "PK_76b30eeba71b1193ad7c5311c3f" PRIMARY KEY ("id")); CREATE INDEX "IDX_b46ec40746efceac604142be1c" ON "reversi_game" ("createdAt"); CREATE TABLE "reversi_matching" ("id" character varying(32) NOT NULL, "createdAt" TIMESTAMP WITH TIME ZONE NOT NULL, "parentId" character varying(32) NOT NULL, "childId" character varying(32) NOT NULL, CONSTRAINT "PK_880bd0afbab232f21c8b9d146cf" PRIMARY KEY ("id")); CREATE INDEX "IDX_b604d92d6c7aec38627f6eaf16" ON "reversi_matching" ("createdAt"); CREATE INDEX "IDX_3b25402709dd9882048c2bbade" ON "reversi_matching" ("parentId"); CREATE INDEX "IDX_e247b23a3c9b45f89ec1299d06" ON "reversi_matching" ("childId");

EDIT: side note we are currently doing a fundraiser for buying server hardware for Sharkey and our instances, it would help alot if you could donate (referee to https://transfem.social/notes/9q4cf231u9w700o5 for more info)

Thanks @puniko@mk.absturztau.be for replying to some of the rumors :3

Explaining Rumors about Sharkey, circulating right now.

for those that are to lazy to read the entire thing.
here is a TLDR:

yes, the lead dev marie has quit fedi as a whole but this shouldn't affect the project, as we have active contributors, and the other Project Lead @Amelia@transfem.social is still fully involved in the project.

Long Explanation:

Due to the recent drama sounding TransFem.social and the other dramas before it, marie former lead dev, has decided to quit fedi as a whole this includes leaving the Sharkey Project but she will stay and help out till the next release which is upcoming soon, after that @Amelia@transfem.social (Project Lead) and the other sharkey contributors will continue sharkey as usual, we have spent alot of time over the last month expanding the dev team behind sharkey and inviting more contributors, so the project is not dead, nor at risk of dying and will be developed as usual in the foreseeable future

PS: @Amelia@transfem.social is very dedicated towards the Sharkey Project, and has been in charge of managing the project and the servers / accounts since the beginning.

The increased spam bots have show that misskey instances lack moderation tools to deal with massive spam campaigns, we will be looking into improving instance moderation tools in #sharkey, to maybe get them as powerful as Akkoma MRF or atleast close

@puniko@mk.absturztau.be @flit@akkoma.flitpix.net @Amelia@transfem.social well we are actually planning on some major mod tool changes