this post was submitted on 13 Jun 2023
29 points (96.8% liked)

Technology

It seems like they are down for a longer time now. How will they recover? Does longer down mean they will have to do more catching up with other instances? Can I get updates somewhere?

[–] [email protected] 3 points 1 year ago (5 children)

Used Reddit for 13 years, tried out Kbin and Lemmy yesterday and settled on Lemmy.

Long story short, I'm going back to Reddit.

  1. There needs to be ONE site, Lemmy.com, that people go to. This entire thing about having .whateveryouwant is VERY off-putting. Most internet users have been trained to be extremely wary of odd or unusual things, so having anything besides .com/.net/.org will turn away a huge portion of users.

I initially set up an account on Lemmy.world, then realized that I couldn't migrate it to another server and that when I deleted that account on that server all my comments were deleted.

  2. Deciphering the distributed nature of it took me, a relatively tech-friendly person, almost the entire day and several 'What the fuck?' posts. I now understand it more. There are some very low-level guides that have been haphazardly put together, but there absolutely needs to be a MUCH smoother guide/explanation to this whole thing. That learning process will turn people away for sure.

  3. BECAUSE I understand it more now, I'm left feeling VERY uncomfortable about my data security. If this is going to become a mainstream thing, as it reaches and before it gets to that critical mass of users, there's going to be SO. MANY. SECURITY ISSUES. There's no 2fa at all, hacking and user-account hacking is just going to run rampant, and I'm left wondering 'Where is my username and password actually stored?'. The answer, sadly, is wherever the dude who's running the instance/server is. In the 'Fediverse' your server instance might be hosted in a US or EU data center with proper digital and physical security, or it could be Joe Blow's basement in Iowa running off a NAS. The easy-to-see future here is that Lemmy will fail to attract a critical mass of people because they'll initially arrive, after a few months their instances will just cease to exist/get shut down/the hosts will decide it's no longer a fun hobby to do.

With a large corporation, they have the staff and resources to secure and maintain the servers physically and digitally, and keep staff up-to-date on current infosec threats and get out in front of them. Beyond that, if there IS a breach, they have the ability to recognize it, understand the legalities and requirements of reporting it, and can be held accountable by regulatory bodies. Joe doesn't have the resources to really maintain and keep a server running, nor the knowledge of his responsibilities for keeping the data safe digitally or physically.

On top of that, if Joe's basement loses power/gets hacked/Joe decides he's moving to San Francisco and can't bring his NAS with him and the server goes down, and that's where my instance is hosted, well, there goes my entire account/comments/data.

  4. Finding and subbing to communities is painfully difficult. It should be one-click, but somewhere I need to go to an external list, find what I want, and then copy/paste the URL into the search... and then 50% of the time, it doesn't work. This is an understandable growing pain and can likely be fixed by UI/UX upgrades, but for now it's a definite turn-off.

  5. There simply is no content. I'm not a creator, I want content aggregated for me, and I've gotten used to having a single place to get it from that floods me with thousands of different articles/memes/posts/etc every minute. Until the user base arrives in one single place and starts generating content, there's no reason for most people like me to be there as by far the larger number of users never create anything at all and only exist to consume the content generated.

[–] [email protected] 10 points 1 year ago (1 children)

That's not the point of being federated. It is very simple to understand once you get over the learning curve. The analogies to countries/states communicating to each other but being separate helped me.

[–] [email protected] 3 points 1 year ago (1 children)

See, this is yet another issue with Lemmy. This is not the post I replied to. I replied to https://lemmy.ca/post/636721, "Redditors, how do you like Lemmy?", and yet it posted it in a completely different topic!

[–] [email protected] 4 points 1 year ago

This is very insightful, even though it ended up here :) thank you!

[–] [email protected] 5 points 1 year ago (1 children)

> There needs to be ONE site, Lemmy.com, that people go to. This entire thing about having .whateveryouwant is VERY off-putting.

The main feature of a federated system is that there's no one "owner" of the entire system; each admin uses their own servers and their own domain names. There's nothing stopping a server admin from using a .com domain name...

> There’s no 2fa at all

There's basic TOTP 2FA now: https://github.com/LemmyNet/lemmy/issues/2363 but it hasn't been released yet (it's only available in the latest server beta). "Next-gen" TOTP (WebAuthn/FIDO) is coming later: https://github.com/LemmyNet/lemmy/issues/3059

> ‘Where is my username and password actually stored?’. The answer, sadly, is wherever the dude who’s running the instance/server is. In the ‘Fediverse’ your server instance might be hosted in a US or EU data center with proper digital and physical security, or it could be Joe Blow's basement in Iowa running off a NAS.

You should get to know your server admin, then. You have the freedom to pick any server you like :)

> There simply is no content

Have you subscribed to many communities yet? You can browse other Lemmy servers to find interesting communities, and subscribe to them on your instance.

[–] [email protected] 0 points 1 year ago (1 children)

On a similar note, would it be possible to have something like "sharding" where one server has multiple synched copies on several people's machines? So let's say if one machine goes down for whatever reason there are others to still serve content? This could also help with distributing load across multiple machines so it's less stressful on one, and we don't have situations such as what's going on with lemmy.ml now, where so many users are joining it that it's frequently down and subscription statuses are stuck on pending.

[–] [email protected] 1 points 1 year ago

This is usually referred to as "high availability", where you'd have a hot failover to swap to in case the main server goes down. This is usually implemented with a load balancer that checks if the upstream server is alive before sending requests to it. If the upstream server isn't responding, switch to the other one.

A load balancer could also spread the load evenly across multiple machines, at least for reads. Generally there are far more reads than writes, and reads are more easily scalable since you can have database replicas that just need to sync in one direction.

I don't think Lemmy supports any of this yet though.

The other approach is to split the large instances into multiple smaller instances. For Fediverse stuff, I don't know which approach is considered "better".

[–] [email protected] 4 points 1 year ago (1 children)

Sites don't store passwords, they store password hashes. There is no reason to give any personal info you aren't comfortable giving. You can use the site just fine without posting any.

[–] [email protected] 2 points 1 year ago (1 children)

Hacking an account is still a valid concern though for various reasons, and hashes can still be used against password lists. Additionally, two-factor authentication is a necessity for sure. Now don’t get me wrong, I completely understand this feature is coming and that this is a developing service but many of these concerns do seem valid to me.

[–] [email protected] 1 points 1 year ago (1 children)

> Hacking an account is still a valid concern though for various reasons

Let's assume you're doing the best practice thing and using a long and unique password for each service you use.

What benefit does a hacker have hacking your lemmy-based account? Considering that everything you post is public... There's simply nothing of value that you would obtain by "hacking" an account here... The only thing I can think of is if you're a moderator of a community or an admin of an instance.

I just don't see any value to it... But even then.. 2fa is slated for v0.18 which is probably coming out in the next few weeks.

[–] [email protected] 1 points 1 year ago (1 children)

Mostly thinking impersonation, spamming, deletion or modification of history…. Although I’m sure there are probably other reasons too.

[–] [email protected] 1 points 1 year ago

  - Impersonation - Not sure this matters unless you're a mod or admin.
  - Spamming - Just make the accounts yourself.... it's going to be infinitely easier to just make spam accounts from nothing (since it's free anyway) than to designate resources to cracking a password.
  - Deletion/Modification of history - modlogs allow reverting ALL changes outside of full account deletion.
  - Full account deletion - Well that's annoying at the very least. But not like it's the end of the world or has any actual cost associated with it.

It's a lot of work to do so little actual damage. It's not like Twitter where hacking Elon's account can actually lead to monetary gain.

[–] [email protected] 2 points 1 year ago

I’m not sure how you’re being downvoted; you make some great criticisms of the fediverse. Maybe staying small is better for the communities than reaching a critical mass as that only attracts corporate sponsorship (VC/ads/etc.). Working out the security should be the initial goal for any interested programmers who venture over.

[–] AndrasKrigare 1 points 1 year ago

Given the track record of high profile company hacks and password dumps, you might be better off with Joe's basement simply because it's a small target no one gives a shit about, and just because an organization is large doesn't mean they're security competent.

And don't reuse passwords, regardless.