this post was submitted on 09 Aug 2023
3649 points (98.1% liked)

Lemmy.World Announcements

29107 readers
1 users here now

This Community is intended for posts about the Lemmy.world server by the admins.

Follow us for server news 🐘

Outages 🔥

https://status.lemmy.world

For support with issues at Lemmy.world, go to the Lemmy.world Support community.

Support e-mail

Any support requests are best sent to [email protected] e-mail.

Report contact

Donations 💗

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Ko-Fi (Donate)

Bunq (Donate)

Open Collective backers and sponsors

Patreon

Join the team

founded 2 years ago
MODERATORS
3649
Lemmy World outages (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

Hello there!

It has been a while since our last update, but it's about time to address the elephant in the room: downtimes. Lemmy.World has been having multiple downtimes a day for quite a while now. And we want to take the time to address some of the concerns and misconceptions that have been spread in chatrooms, memes and various comments in Lemmy communities.

So let's go over some of these misconceptions together.

"Lemmy.World is too big and that is bad for the fediverse".

While one thing is true, we are the biggest Lemmy instance, we are far from the biggest in the Fediverse. If you want actual numbers you can have a look here: https://fedidb.org/network

The entire Lemmy fediverse is still in its infancy and even though we don't like to compare ourselves to Reddit it gives you something comparable. The entire amount of Lemmy users on all instances combined is currently 444,876 which is still nothing compared to a medium sized subreddit. There are some points that can be made that it is better to spread the load of users and communities across other instances, but let us make it clear that this is not a technical problem.

And even in a decentralised system, there will always be bigger and smaller blocks within; such would be the nature of any platform looking to be shaped by its members. 

"Lemmy.World should close down registrations"

Lemmy.World is being linked in a number of Reddit subreddits and in Lemmy apps. Imagine if new users land here and they have no way to sign up. We have to assume that most new users have no information on how the Fediverse works and making them read a full page of what's what would scare a lot of those people off. They probably wouldn't even take the time to read why registrations would be closed, move on and not join the Fediverse at all. What we want to do, however, is inform the users before they sign up, without closing registrations. The option is already built into Lemmy but only available on Lemmy.ml - so a ticket was created with the development team to make these available to other instance Admins. Here is the post on Lemmy Github.

Which brings us to the third point:

"Lemmy.World can not handle the load, that's why the server is down all the time"

This is simply not true. There are no financial issues to upgrade the hardware, should that be required; but that is not the solution to this problem.

The problem is that for a couple of hours every day we are under a DDOS attack. It's a never-ending game of whack-a-mole where we close one attack vector and they'll start using another one. Without going too much into detail and expose too much, there are some very 'expensive' sql queries in Lemmy - actions or features that take up seconds instead of milliseconds to execute. And by by executing them by the thousand a minute you can overload the database server.

So who is attacking us? One thing that is clear is that those responsible of these attacks know the ins and outs of Lemmy. They know which database requests are the most taxing and they are always quick to find another as soon as we close one off. That's one of the only things we know for sure about our attackers. Being the biggest instance and having defederated with a couple of instances has made us a target.  

"Why do they need another sysop who works for free"

Everyone involved with LW works as a volunteer. The money that is donated goes to operational costs only - so hardware and infrastructure. And while we understand that working as a volunteer is not for everyone, nobody is forcing anyone to do anything. As a volunteer you decide how much of your free time you are willing to spend on this project, a service that is also being provided for free.

We will leave this thread pinned locally for a while and we will try to reply to genuine questions or concerns as soon as we can.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 1014 points 1 year ago (32 children)

What I find most ridiculous about people claiming lemmy.world is too big and therefore bad for the Fediverse is simply... Have you people wondered why it got so big?

During the crucial first weeks of the Reddit migration, the single time period with the most chance of bringing new users, pretty much all larger Lemmy instances closed their registrations - they couldn't handle the influx. Other big ones decided to immediately defederate everybody, they were afraid of having to moderate content. And a few did remain open and federated, but they were also extremely niche and focused on their own political side of the spectrum.

Lemmy.world however remained open, remained with active admins that helped the first moderators, and kept upgrading the server at a very fast rate - you might forget it now, but Lemmy was massively slow and frustrating and then a new Lemmy.world update would drop and it would feel like a different website.

So yeah, "bad for the Fediverse" for being the only instance that kept up with the demand at the most necessary time.

Thanks Lemmy.world team.

[–] [email protected] 209 points 1 year ago (2 children)

Damn I never thought about that. Lemmy.world has been a rock. And a transparent one at that, I love it.

[–] [email protected] 63 points 1 year ago (3 children)
load more comments (3 replies)
load more comments (1 replies)
[–] [email protected] 83 points 1 year ago* (last edited 1 year ago) (3 children)

I'm convinced now that people saying something is "Bad for the fediverse" is just their ignorance and xenophobia showing.

Look at the shitposting or lemmy memes going around and you'll see a lot of people are actually afraid of users coming from reddit and spoiling the experience here.

I'm sure others don't want us growing because, consciously or unconsciously, they won't have as much traction or get as much attention. More people means you have less of a voice.

We can't argue about federation on the net, avoiding corporate control, or whatever while sticking our hand out and stopping people from joining. It just doesn't work that way.

People complaining about the size of a social media platform are missing the point of a social media platform...

load more comments (3 replies)
[–] [email protected] 49 points 1 year ago

It upsets me that people can't understand this. Lemmy was getting hit like crazy. Even through all that, it was better than reddit. I adore lemmy and the .world admins. I seriously can't wait to see it grow.

load more comments (29 replies)
[–] [email protected] 362 points 1 year ago (29 children)

Have you guys contacted law enforcement? It may surprise you. A startup I worked for had the same issue and contacted the FBI. They were able to quickly (within hours) find the person doing it despite him using VPNs and other tools for OpSec.

[–] [email protected] 83 points 1 year ago (44 children)

I’d imagine that there are a lot of users and communities on here that want law enforcement as far away from the Fediverse as possible…

[–] [email protected] 223 points 1 year ago (5 children)

And yet, and this will shock and amaze you, they're probably here already. Lemmy isn't a secret.

load more comments (5 replies)
load more comments (43 replies)
[–] [email protected] 64 points 1 year ago

Have you guys contacted law enforcement?

Given that the goal of this instance is to serve as a reference of the Fediverse, it is expected that it will continue to grow, and in turn, attract more attention, which due to a game of numbers also involves more trolls and enemies. Thus, the fact that the instance is being DDOS'ed right now shouldn't be seen as a conjunctural problem, but rather a challenge that is here to stay and sometimes be a problem.

While I think it's a good idea for lemmy.world to do it this time, relying on a police force to routinely come to our call and do something means periods during which the instance will be out while we wait for them for work. The instance, and Lemmy in general, should have more robust defenses so that calling for external help is only required at exceptional times.

load more comments (27 replies)
[–] [email protected] 243 points 1 year ago

In all seriousness, we all appreciate your work. These are the growing pains that are to be expected, and your hard work and transparency (and writing it up at a level that even I can understand) is welcome.

[–] [email protected] 201 points 1 year ago* (last edited 1 year ago) (9 children)

Im a data engineer with 20+ years of experience in sql and various databases, I do performance tuning on daily basis. How can I help? Please message me if you think you can use me. Id be very happy to help where I can!

[–] [email protected] 78 points 1 year ago (6 children)

Possibly not ideal for you as a data engineer, but you could try skimming down the GitHub database issues?

load more comments (6 replies)
load more comments (8 replies)
[–] [email protected] 158 points 1 year ago (10 children)

Besides the actual developers of lemmy, none has done more for the lemmiverse than the maintainers of lemmy.word. When the Reddit shitstorm started and other leading servers shut down user registration, you guys held the ship steady and didn’t flinch from the sudden flood of new users. Discovering new bottle-necks in lemmy code, helping to resolve them and deploying hot fixes. All in super fast reaction time. About “lemmy.world shouldn’t be largest server” crap - it’s good for lemmy that one server is the easy entry point to lemmy. This is where the “mainstream” communities could/should be and new users will have an easier landing. Having dedicated servers with their own communities (like start trek, piracy, etc) is great but it’s not mandatory for all communities.

[–] [email protected] 54 points 1 year ago (2 children)

Hey! Lemmy.dbzer0.com stayed open as well! :)

load more comments (2 replies)
load more comments (9 replies)
[–] [email protected] 139 points 1 year ago

Y'all are motherfucking gangsters. Appreciate the work you're putting in. I don't do your kind of code or I'd pitch in. Much love. ♥️

[–] [email protected] 126 points 1 year ago (6 children)

Imagine having the free time to engineer attacks on a site. Fucking loser.

[–] pipes 114 points 1 year ago (1 children)

Or, they have a commercial interest or are paid by someone who does. Fucking losers either way

[–] [email protected] 72 points 1 year ago

I've got my bets on who it is.

As the post pointed out: these are people who know how Lemmy works. There's a few troll-websites that have been defederated from Lemmy.world, and those troll-websites (and culture) is well known to retaliate in the form of DDOS attacks.

It sucks, but we shouldn't let them bully us. Instead, we can go to https://sh.itjust.works/c/[email protected] and... hey look, bringing down Lemmy.world temporarily doesn't actually stop us from talking or sharing our posts?

They're relying upon the fact that people are "used to" going to https://lemmy.world and don't know that every single member of the federation (sh.itjust.works, lemmy.ca, etc. etc. etc.) all serve as backups to Lemmy.world proper. The posts nor server is ever really down.

load more comments (5 replies)
[–] [email protected] 100 points 1 year ago (3 children)

I couldnt care less. You provide a great forum at no charge to me. I thank yoy for your contribution to discourse, communication with the community, and look forward to the growth of lemmy.world

load more comments (3 replies)
[–] [email protected] 91 points 1 year ago

Thanks for being so transparent with us. Lemmy really does feel like home now to me. I wish the maintainers all the best as they continue to fight the forces of evil.

[–] [email protected] 87 points 1 year ago
[–] [email protected] 86 points 1 year ago (2 children)

Reddit was down a lot too, and they stuck ads in my face. It’s not like I have a pacemaker that needs Lenny.world to be up in order to function. Keep up the good work and I hope whoever is behind the attacks steps on a Lego.

load more comments (2 replies)
[–] [email protected] 76 points 1 year ago* (last edited 1 year ago)

usually my reaction when a website I visit daily goes down is to probably visit that website less or think the backend team behind it is lazy. but when lemmy.world goes down or is under attack, I sympathize and just open it when it's back up. y'all prove that you're hardworking by providing clear communication and explanation on what's happening everytime. shout out lemmy team, you deserve the world!!

[–] [email protected] 76 points 1 year ago

Thank you for your work 🫡

[–] [email protected] 71 points 1 year ago (8 children)

Have you heard of something called The Cloud? It sounds possible this will solve all of our issues!

(/s in case it's not terribly obvious.)

load more comments (8 replies)
[–] [email protected] 71 points 1 year ago (2 children)

I think you should take 5% of donations to pay yourselves personally. I appreciate your work!

[–] [email protected] 52 points 1 year ago (2 children)

Definitely need to pay themselves. Doing this for free is not sustainable over long periods.

load more comments (2 replies)
load more comments (1 replies)
[–] [email protected] 71 points 1 year ago

Have you guys tried NOT getting attacked? Might work.

Seriously, thanks for all your effort!

[–] [email protected] 70 points 1 year ago (2 children)

Great stuff, thank you for all the good work.

btw, as a tip: please resize https://lemmy.world/pictrs/image/14f857e5-703a-4513-9c1a-f23031675be1.png in an image editor. It's on the homepage, and it's a frikking 4.5 megabyte image file.

[–] [email protected] 54 points 1 year ago (1 children)

I resized it. It's 1,2MB now

load more comments (1 replies)
load more comments (1 replies)
[–] [email protected] 66 points 1 year ago (4 children)

What else can we do to help Lemmy.world besides donate?

[–] [email protected] 89 points 1 year ago (5 children)

Asking for nothing but patience :)

load more comments (5 replies)
load more comments (3 replies)
[–] [email protected] 64 points 1 year ago

Cheers for the good work guys

[–] [email protected] 63 points 1 year ago

Thanks for the update and the hard work behind the scenes to keep things online!

[–] [email protected] 62 points 1 year ago (4 children)

If you think it might help I've got a bit of a hack I've used in the past to cache a sql database in a compressed ramdisk using zram and bcache. Imagine stuffing a 50G DB into 20G of memory.

It won't fix the inefficient SQL queries but it would make it so frequently accessed tables get cached in a ram disk cutting query time significantly.

This might be enough to reduce the impact of these attacks until queries can be optimized.

This assumes your database isn't running on something like RDS though.

load more comments (4 replies)
[–] [email protected] 57 points 1 year ago (13 children)

I have to wonder why expensive SQL queries in Lemmy operations even exist. As Lemmy scales, won't those queries get executed more often just as part of normal operation? That would say to me that the Lemmy software needs optimization. Otherwise there will be scaling issues even if the attacks stop.

[–] [email protected] 75 points 1 year ago (3 children)

the version number is 0.18.4 that should give you a hint.

it's entirely possible that these simply haven't been optimized yet.

load more comments (3 replies)
[–] [email protected] 64 points 1 year ago (6 children)

That's exactly what is happening now. Lemmy is a very young codebase and up until very recently only had a tiny user base, so optimisation wasn't that important.

Over the last few months the Devs have been working hard to improve things, but there is a lot of ground to cover

load more comments (6 replies)
load more comments (11 replies)
[–] [email protected] 57 points 1 year ago (4 children)

Ah so the Lemmy World server isn’t a Raspberry Pie? Nice.

load more comments (4 replies)
[–] [email protected] 57 points 1 year ago (1 children)

Love this transparency post and info, much appreciated

load more comments (1 replies)
[–] [email protected] 56 points 1 year ago (2 children)

I'm sure they don't want to reveal to much but I'm curious if the attackers were authenticated. If not it seems reasonable to rate limit anonymous users.

load more comments (2 replies)
[–] [email protected] 51 points 1 year ago* (last edited 1 year ago) (5 children)

I found that LMAO/Angled (guy who was angry about being banned for community name squatting) has a YouTube that does techy stuff, he's always in the back of my mind as someone who could be contributing to the DDoS, total speculation though but the threat of "ruining your site" and then coming back to spam the trending communities with spam makes me suspicious lol

load more comments (5 replies)
[–] [email protected] 49 points 1 year ago (2 children)

Cmon half the users here are tech nerds, get to work you lazy bastards, I'll be there as soon as I close this sprint--

load more comments (2 replies)
[–] [email protected] 46 points 1 year ago (2 children)

They are inadvertently helping Lemmy become more robust

load more comments (2 replies)
[–] [email protected] 46 points 1 year ago

Thanks for all you guys do! While the lack of reliability can be frustrating your efforts do not go unnoticed. Thanks again.

load more comments
view more: next ›