Coming to the App Store tomorrow!

Hey all! We still have some more QOL updates coming tomorrow or Saturday. Working on getting comments all sorted up (more like the Apollo style) and getting post editing/deletion as well as mod tools underway.

This update provides a VAST improvement to the image viewer. There shouldn't be any more issues with the swiping to close.

There are some issues still but they are minor and I'll get them cleaned up here soon. I've spent the day writing this viewer from scratch, so it's been a process.

The "white flash of death" should be fixed here as well when you open up the app.

We also now support localization! German is officially supported now, and we will be sourcing other languages to improve the experience for everyone.

Other minor fixes as well in this build, including a fix for a crash that was happening with the new spoilers.

Stay tuned, and happy scrolling!

App store version is up.

If you are on Lemmy.world, you need to update your JWT token. Sorry, this was not intuitive and there is no proper error message. This is my fault and we seriously just never got around to this.

Please go to "Manage Accounts" and then tap your Lemmy.world account. Hit "Edit Account", enter your password, then hit save. You should be back up and running.

Note

This information is based off of early reports I have seen. I don't claim to know the extent to which any damage was done and as such recommend a password reset (two-factor authentication would not be of use if authentication tokens were compromised), but we do know that this was a Javascript injection.

Update

As of right now, it seems that the vulnerability should have only exposed JWTs, which have been invalidated by those instance administrators. I'd still recommend a password rotation just because, but you should be alright.

==========

With the recent Lemmy.world incident, I'd like to update you all. This vulnerability could not have affected you had you been using only Memmy while browsing. It was a Javascript injection, and as Memmy does not execute any Javascript, there is no attack surface here.

The only case where this could have affected you would be if you had been signed in to your account inside of the in-app browser or the default browser and opened one of these posts. That however would not be something with Memmy itself, but rather the accessing of the PWA.

Regardless, as we don't actually know what happened, I'd recommend changing passwords. If any JWTs were compromised during this, regardless of 2FA status these tokens could be used to authenticate with your account.

From what I have seen, this was an issue that was limited to Lemmy.world, as supposedly they were running a custom frontend build. Other than that, I don't know anything else.

Also, for the record, there is only one instance in this application where a webview is used, which is when viewing the terms of service which simply loads a local file from the app assets.

Any questions, I'll try to answer them but you'd be better off asking people more knowledgeable about the incident.

As always, this is a good time to go over your online security practices.

It is strongly recommended that you use a password manager such as Bitwarden or 1Password if you do not use one already. This can help prevent credential surfing if you have used the same password over many sites, preventing you from having several of your accounts breached from a single breach.

If you have used a password on Lemmy.world that you have used on other sites, you should change those other sites passwords immediately.

Email addresses may have been breached during the attack and this may result in increased spam and phishing emails. It is strongly advised that you throughly verify any emails that you receive after this, particularly ones relating to login requests, messages from banks or payment providers, such as PayPal or government institutions.

Thank you for using Memmy and stay safe!

Edit: Other features that were not on the list:

• Hide read posts (with a button)
• Collapsible posts
• Images in comments
• Default comment sort
• All of the "Top" sort options
• Fixed issues with askign for local permissions: See these commits for what caused this: https://github.com/Memmy-App/memmy/commit/5a1ed47fd92f76c6b0931e4b2e5700584ee469d8 https://github.com/Memmy-App/memmy/commit/cdf9421e4955f7c93af0e750612e9db3dc4d6c61

Hey all!

For all of the testers, we have submitted a 0.1 build to TestFlight that needs to get approved. These usually only take a few hours unlike a full store release which usually takes 12-24 hours, so expect that here soon.

First, let me detail what is already fixed in the current TestFlight version and will be in the next store release:

• Sharing images inside of the image viewer will now download the image to be shared as an image, not as a link
• Link helper respects the theme and uses the URL keyboard for the link
• The post viewport should respect keyboard height and fill the remainder of the space
• Read icon now uses the correct theme/accent color (thanks ktgd)
• All /c/community links should now work (thanks ktgd)
• The last account you used is now remembered (thanks jderose)
• Search will automatically take you to the community or user if you include the @instance
• All refresh controls will respect the theme (no longer invisible)
• Added top hour, top six hours, and top twelve hours (I need to add them to defaults, I’ll do that here in a bit)
• Fixed image save/share not being present in compact mode
• Made sure that images that are both present in the URL and in the body of the post don’t show up twice
• Profile reload issues (i.e. if it fails to load) should be fixed
• Link info not displaying in posts is now fixed
• Blur respects the current theme
• Voting on a post in search now reflects that vote
• Modifications to the profile screen. This will help with load times when all you’re doing is looking at someone’s profile
• Performance improvements in the feed
• Performance improvements in comments
• Collapsing large comment chains no longer causes freeze/crash
• Performance improvements in profile
• Performance improvements in inbox

Here are the things being addressed that will be making their way into 0.1 TestFlight builds and should be available on the store either on Friday or Saturday:

• New swipe animation. Much improved, more performant, and without the visual bugs we have right now
• Error reporting. You'll get actual error messages now instead of the generic error codes Lemmy sends
• Markdown enhancements. Pictures in comments should be there, and more than one image in a post will be shown
• Editing or deleting a post
• Improvements to image viewer. I cannot PROMISE that swiping through images (like a gallery) will be there but I CAN promise that there shouldn't be any further issues with swipe to dismiss or issues with swiping to close some images
• Also, iPad users shouldn't have issues with viewing images in landscape mode anymore
• Other improvements (I'll list them as we add them)
• Other bug fixes (Same thing, I will list them as I add them)

Things to note:

I've seen some issues with subscriptions not showing up in the Traverse screen. I think this is a server issue, but I will verify that to be sure. I am experiencing this on Lemmy.ml and I think others are experiencing it on Lemm.ee. I wonder if a recent update (lemmy.ml seems to have updated) caused this. I also noticed that my upvote count on the profile has changed, not sure what that might be because of...

For issues, I strongly suggest reporting them on GitHub: https://github.com/memmy-app/memmy

While Sean and I do try to go through posts here, it's MUCH more difficult than it is on GitHub. We have an internal issue tracker that syncs with GitHub that we use to triage and develop roadmaps. It's hard to do that with posts here.

Thanks for all of the INCREDIBLE support over the past day from you guys!

Thank you for all your support over the past weeks. It’s helped us get to this point.

A word of caution: The build that was released is slightly outdated and there are a few issues that have already been addressed in that build. Unfortunately because you can’t replace the build in review, we were not able to update it as we went through this nearly week-long back and forth with Apple. It required an appeal to get us onto the store.

With that said, I’ll be releasing the final version of 0.0.2 tonight to TestFlight, and will begin build versioning starting at 0.1.0, which will be the next release on the store. I’ll try and have something submitted to them tonight and hopefully it will be reviewed and released within a day or so.

I'll update this post here in a few hours with more information. Tonight's build will include another list of bug fixes as well as vast improvements to the slide to upvote/comment feature (no more glitching, hopefully) as well as hopefully fixing a few issues with the image viewer.

This should give us a fairly stable release which I will submit to Apple for review. Thankfully, now that we have completed the initial review future updates should be much quicker (likely around 12-24 hours per update).

See you guys in a bit!

Cheers!

Once I hear back about the responses I have submitted, I will update you all. It is most likely best to just add an option inside of the app to either delete the account through the API or to direct the user to the correct location on the website to do this.

2 Edit: Ok back up as .79

Edit: Expired .78 because of a super annoying keyboard autofocus on the traverse page. Releasing .79 in about 5 minutes.

Hey all! Here are this version's changes:

• Fix infinite spinning on profile page
• Images that also have a post body now show both
• Fixed duplicate NSFW setting
• Keyboard for search now includes "@" for easy access
• Sign in/sign up screens now include "." for easy access as well
• Onboarding screen should render correctly on all devices
• You can save posts now. They will be synced with your Lemmy account. You can view them on your profile page
• All of your subscriptions will now show up and you can search through them. Also a more attractive and easy way to access them
• Default Active search was added to settings
• Settings was moved to profile. We will revisit this if it's a user issue (i.e. people can't find it, you guys don't like it, etc.)
• Issue with communities having an "infinite render" are fixed

We're getting there!

Happy scrolling!

Hey all. I want to do two things in this post. I'll get the first one out of the way real quick.

Community Rules

While I appreciate all the support and fun, I'd like for us to not attack or belittle, or make fun of any of the other apps or developers that are being made. Even if a comment could be interpreted as doing so, I'd rather us not share that content.

This obviously cannot be controlled by me outside of this community, but I'd like to emphasize that I think we should follow this behavior as a Lemmy community. There may be features of Memmy that are superior right now to those in other apps, and I am certain there are features in other apps that are superior to those in Memmy. The thing that matters is we are all working toward making a more accessible, friendly, and fun way to access Lemmy, and that is something that will help this community grow.

There's a reason that there were multiple successful iOS and Android apps for Reddit. There's a reason that even with an official Mastodon app, there are other apps that interact with Mastodon as well. No single developer can create THE app that will appeal to every user. I can't do that, nor can anyone else. So let's keep the spirit up for all the devs and work on this as a team.

With that said, here are some ground rules.

Rules

1. Be polite.
2. Don't start drama or anything that could be perceived as starting drama.
3. Don't trash talk, belittle, or joke about the work of other developers. This doesn't mean you can't say "I like this feature in X better than in Y". That's fine. But let's not start with "lol I had to delete that app it was garbage, idk wtf they are doing over there..."
4. Try to stay in-scope. Everything so far has been fine. Keep all the feature requests and bug info coming (although bug reports should mainly be posted to GitHub as it is much easier to view and triage there)

I might update this if I think of anything else, but that's pretty much it. I'm also not saying that anyone DID do anything like this, but I saw some content that could have been PERCEIVED as such.

Roadmap

We are looking at an MVP release to the App Store being submitted before the 1st. It will be either tomorrow or day after tomorrow. I am not sure how long it will take for review, but I'd give it a range of 12 hours (unlikely) to two days (maybe even longer).

After this MVP gets released, we will start implementing community feature requests. All of the posts you guys are making here and on GitHub are not going unread. We will figure out which ones we need to prioritize, which ones we want to prioritize, and which ones can be pushed back. We will release a detailed roadmap of this soon.

We have fixed all of the issues with crashes and that update will be released within the next day on TestFlight. We have also done the following:

1. Revamped the community/subscriptions screen
2. Created an interactive onboarding process for new users who don't know about Lemmy. It will help with picking an instance, give you details about the instances you can join, etc. Full .18.1 captcha support.
3. Cleaned up some more theme issues and UI issues.
4. Added editing of posts/comments

I think this is enough to give us an MVP for release. At the very least, I want to get something to Apple that they can put through the initial review process so that we can make sure we are fully compliant with their rules.

Hey all!

Edit 2: Well that was cool:

Looks like I hit a stray key before building...resubmitting now as version 0.0.1.75

Edit: Update released.

Going to be pushing an update here in a few hours with the following changes:

• The issue where tapping a post in your profile would cause a crash is fixed. We were getting ready to fix up profiles and this happened...sorry
• Profile page is now available for any user. Just tap their name in the feed or search.
• You can now swipe on an item in your inbox to mark it as unread. Still need to finish up mentions and messages, but I'll have that done tomorrow.
• Additional themes and a better way to select them. I'll get system default added either tomorrow or day after that.
• Other bug fixes under the hood

Let me know what all needs working on still and we will get it fixed up! Happy scrolling!

On a side note, I want to ask the following of everyone:

If you are having issues subscribing to communities (crash), please let me know the instance you are on and the community you are trying to subscribe to. I'm really curious to know what is going on there, as I am 100% unable to reproduce this issue but obviously it's happening to a lot of you.

There has not been any significant change to the subscription logic which makes me think that this might have something to do with something going on with a certain instance, but I cannot be sure. I am also curious if this is something that happened with the latest update to .18 and the use of the .18 API and API client inside of Memmy. There appears to be proper error handling here in this logic, so I am not sure what might be causing that crash.

Thanks!

Don't PUSH me, cause I'm close to the edge!

Hey all!

First, for those concerned, I have a multi-day vacation coming up here this week, so I'll be taking a nice break and cooking up a new batch of meth for the next spree (I kid I kid).

Here's the updates for the day for you:

• You can delete accounts now.
• Themes have been tweaked
• Push notifications - Available in Edit Account Settings
• Swipe co.....wait did you say push notifications? Yea, we'll talk about that down below.
• Swipe colors are theme-based now. Will continue tweaking these as needed.
• Other tweaks
• Oh and compact view users can now press the image to open it up.

Issues I know about and will address tomorrow:

• Voting on comments doesn't update the vote
• Going to a user profile is not yet complete. Don't worry, most of this should be done tomorrow. I've got pretty much all the designs laid out and components now made for them. Just a matter of swapping out the old with the new :)

Push Notifications

I've set up a server that will perform checks for push notifications. Here are the ground rules you should know about:

1. I cannot guarantee the availability of this. As we scale, I will scale as well, so it won't be a problem with that. What I mean is that I cannot guarantee what Lemmy instances are going to do as far as rate limiting (I'm not 100% sure how it works yet). Although I am not spamming any requests at all (you're going to be making more requests for notifications just by having the website open), there will obviously be multiple users making requests from the same IP address now. Depending on what instances owners have in place, some requests might fail to go through. I'll monitor and see what happens.

2. Before you enable notifications, a message will appear letting you know that you are sending your authentication token to the Memmy server. This is NOT your password, HOWEVER, it does allow Memmy (and anyone who has access to it) access to your account. So, long story short, you are trusting me (and only me, nobody else has access to this server) with access to your Lemmy account.

This is not optimal. I would much rather have scopes where all I can do is READ your mentions/replies/etc, and this might be something that gets integrated later on in the API. We will see what happens with that in the future. For now though, there is only one scope of authentication.

If you do wish to revoke this token in the future for whatever reason, all you need to do is change your password and the token will be invalidated.

Again...you are infact sending your authentication token to the server and I technically do have access to it. Just as a heads up.

3. Here is how it works:

• You enable push notifications in the app

• Your username, instance, auth token, and push notifications token are sent to https://memmy.app

• The server attempts to access the Lemmy API endpoint /site. When authenticated, this endpoint returns user information.

• The server checks that the username in the API response matches the one sent to the server. If it does not, then either the authentication token was invalid or the username was not correct.

• If everything is correct, the server stores the username, instance, authentication token, and push token in the database.

• The server will check for replies (currently this is all I am checking for as to not create too much traffic) periodically. This should happen once per minute, but as users increase, there may be delays as I scale.

• The server will get the latest reply ID and see if it is greater than the last one received. If so, this is a new reply and it will be sent to the user. That reply ID will then be stored in the database.

• Subsequent devices are also supported. Notifications will be sent to each device.

4. Full source code is available to view at https://github.com/gkasdorf/memmy-push

5. To instance admins: All requests made to instances include the user-agent "Memmy Push/0.1 on behalf of username". The username is included to inform you that these are not requests made for one specific individual, but for multiple users. If this ever becomes a problem on your instance, please let me know as I would really like to make this work great for everyone, not just the users. This is a team effort.

On that note, please also let me know if you see any trouble with traffic coming from the app. Similarly, requests are made with the user-agent "Memmy ios version".

Feedback

Let me know what issues you have with this feature. Obviously it is new and I'm not sure how great it works yet. From my testing it works fine. I will slowly expand on the notifications delivered from this, however, I first want to make sure we approach this slowly so that we do not create an absurd amount of traffic that cannot be handled. I will closely monitor traffic and adjust timeframes if necessary.

The next update will include mostly visual and UI changes as we move toward normalizing the entire design of the app and bring about a great UX for all of you.

I'm also aware of a number of issues, and don't think they are unnoticed. Now that we have all the features in place, we can go through and fix every last one of these issues 👍

And lastly on that note, thanks for your guy's debug logs. We are now reaching a point where we are seeing on average 1 crash per 1000 sessions and debug logs are coming in quite less frequently than before. All good news :)

See you in the next update. Till then, happy pushing!