this post was submitted on 09 Aug 2023
3649 points (98.1% liked)

Lemmy.World Announcements

Lemmy World outages (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]
 

Hello there!

It has been a while since our last update, but it's about time to address the elephant in the room: downtimes. Lemmy.World has been having multiple downtimes a day for quite a while now. And we want to take the time to address some of the concerns and misconceptions that have been spread in chatrooms, memes and various comments in Lemmy communities.

So let's go over some of these misconceptions together.

"Lemmy.World is too big and that is bad for the fediverse".

While one thing is true, we are the biggest Lemmy instance, we are far from the biggest in the Fediverse. If you want actual numbers you can have a look here: https://fedidb.org/network

The entire Lemmy fediverse is still in its infancy and even though we don't like to compare ourselves to Reddit it gives you something comparable. The entire amount of Lemmy users on all instances combined is currently 444,876 which is still nothing compared to a medium sized subreddit. There are some points that can be made that it is better to spread the load of users and communities across other instances, but let us make it clear that this is not a technical problem.

And even in a decentralised system, there will always be bigger and smaller blocks within; such would be the nature of any platform looking to be shaped by its members. 

"Lemmy.World should close down registrations"

Lemmy.World is being linked in a number of Reddit subreddits and in Lemmy apps. Imagine if new users land here and they have no way to sign up. We have to assume that most new users have no information on how the Fediverse works and making them read a full page of what's what would scare a lot of those people off. They probably wouldn't even take the time to read why registrations would be closed, move on and not join the Fediverse at all. What we want to do, however, is inform the users before they sign up, without closing registrations. The option is already built into Lemmy but only available on Lemmy.ml - so a ticket was created with the development team to make these available to other instance Admins. Here is the post on Lemmy GitHub.

Which brings us to the third point:

"Lemmy.World can not handle the load, that's why the server is down all the time"

This is simply not true. There are no financial issues to upgrade the hardware, should that be required; but that is not the solution to this problem.

The problem is that for a couple of hours every day we are under a DDOS attack. It's a never-ending game of whack-a-mole where we close one attack vector and they'll start using another one. Without going too much into detail and exposing too much, there are some very 'expensive' SQL queries in Lemmy - actions or features that take up seconds instead of milliseconds to execute. And by executing them by the thousand a minute you can overload the database server.

So who is attacking us? One thing that is clear is that those responsible for these attacks know the ins and outs of Lemmy. They know which database requests are the most taxing and they are always quick to find another as soon as we close one off. That's one of the only things we know for sure about our attackers. Being the biggest instance and having defederated with a couple of instances has made us a target.

"Why do they need another sysop who works for free"

Everyone involved with LW works as a volunteer. The money that is donated goes to operational costs only - so hardware and infrastructure. And while we understand that working as a volunteer is not for everyone, nobody is forcing anyone to do anything. As a volunteer you decide how much of your free time you are willing to spend on this project, a service that is also being provided for free.

We will leave this thread pinned locally for a while and we will try to reply to genuine questions or concerns as soon as we can.

[–] [email protected] 22 points 1 year ago

Thank you guys for the write up and for helping to keep things running.

[–] [email protected] 22 points 1 year ago

Endless DDOS attacks. Sigh.

[–] [email protected] 22 points 1 year ago (3 children)

How do I as a developer:

  • contribute towards lemmy?
  • contribute toward the success of lemmy.world?

I’m an SRE by trade and would be happy to contribute my time in some way

[–] [email protected] 21 points 1 year ago (2 children)

There are quite a few InfoSec people here. While I have never held an official InfoSec job I do have a degree. However, my degree is debatable about whether it actually educates me as intended.

Point being there are a lot of people that have more knowledge than me as well as experience but I want to learn. As someone who is always listening to security podcasts like Hacking Humans or Darknet Diaries, naked hacking, or even InfoSec journalism around popular ongoing issues in the world like Click Here. I always want to learn and get experience.

I currently work in IT for a hospital. Is there any way to help with this kind of thing to learn and build on knowledge to help? To volunteer time to potentially see what is going on?

[–] [email protected] 15 points 1 year ago (1 children)

If you were a bad actor, this is exactly the argument to use to get more inside information to use in the next attack.

Establishing trust is the first problem to be overcome.

[–] [email protected] 20 points 1 year ago (2 children)

When will /u/spez just accept that he lost?

[–] [email protected] 19 points 1 year ago

Would it be possible to have the error page when you are being attacked/there is an outage point to some other lemmy instances to go to?

I think that could be a big help if there is an issue when a new user tries to check out .world for the first time. They will at least have a link to click on to check out what lemmy is like on another instance and maybe sign up there too.

[–] [email protected] 19 points 1 year ago

Ironic that they're effectively proving that you were right to not trust them...

[–] [email protected] 19 points 1 year ago

keep fighting the good fight <3

[–] [email protected] 17 points 1 year ago

Great explanation! And thanks for the many many hours you guys put in.

[–] [email protected] 17 points 1 year ago (2 children)

I've been waiting for this response from you guys. You have been a fantastic admin team so far. I still don't agree with some of the de-federating, but overall you guys truly show you care about this instance and the lemmy fediverse as a whole.

I know I won't be wavering because of butt hurt idiots in other instances. I will hold my ground and stick to Lemmy.World.

Keep it up and I hope that in due time, you guys can keep the DDOS attacks under control.

[–] samus12345 16 points 1 year ago

There's nothing wrong with making an alt account for when .world is down. In fact, it's very much in the spirit of the fediverse to do so.

[–] [email protected] 17 points 1 year ago

keep up the good work team; you're the linchpin to this renaissance

[–] [email protected] 16 points 1 year ago (1 children)

Is Lemmy not throttling requests to APIs based on how computationally expensive they are? Or is it that many IP addresses are hitting those APIs and are within the throttling limits?

[–] [email protected] 22 points 1 year ago (1 children)

The first D in DDOS means distributed, as in the requests are distributed across many different machines and IPs; so the second option.
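
The distinction drawn in this exchange, as an added example (not Lemmy's or lemmy.world's code): a per-IP throttle compared with a per-endpoint budget on database time, run over one constructed window of traffic. The endpoint names, per-request costs and limits are assumptions chosen for illustration.

```python
import collections

# Assumed database cost per request in milliseconds (constructed, not measured on Lemmy).
COST_MS = {"/cheap": 5, "/expensive": 2000}


class PerIPLimiter:
    """Classic throttle: each client may send at most `limit` requests per window."""

    def __init__(self, limit):
        self.limit = limit
        self.seen = collections.Counter()

    def allow(self, client, path):
        self.seen[client] += 1
        return self.seen[client] <= self.limit


class CostBudgetLimiter:
    """Per-endpoint budget: caps total DB milliseconds admitted per window,
    no matter how many distinct clients the requests come from."""

    def __init__(self, budget_ms):
        self.budget_ms = budget_ms
        self.spent = collections.Counter()

    def allow(self, client, path):
        cost = COST_MS[path]
        if self.spent[path] + cost > self.budget_ms:
            return False  # shed load on this endpoint only
        self.spent[path] += cost
        return True


def simulate(limiter, requests):
    """Return (requests admitted, DB milliseconds admitted) for one window."""
    admitted = db_ms = 0
    for client, path in requests:
        if limiter.allow(client, path):
            admitted += 1
            db_ms += COST_MS[path]
    return admitted, db_ms


def constructed_window(n_sources=1000, per_source=3, n_readers=100):
    """Constructed traffic: many sources, each far below any per-IP limit,
    all requesting the expensive endpoint, plus ordinary readers on a cheap one."""
    flood = [(f"source-{i}", "/expensive") for i in range(n_sources) for _ in range(per_source)]
    readers = [(f"reader-{j}", "/cheap") for j in range(n_readers)]
    return flood + readers
```

With these numbers the per-IP throttle admits every request, because no single source exceeds its limit, while the budget admits only as many expensive requests as fit in the window and leaves the cheap endpoint untouched. The cost of the second approach is that legitimate callers of the expensive endpoint are shed along with the flood.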

[–] [email protected] 16 points 1 year ago (3 children)

Are DDoS protection services like those from Akamai, Arbor Networks, Link22 etc an option? Those are tested as ok by the German Federal Office for Information Security.

[–] [email protected] 16 points 1 year ago

Great work guys! Keep going!

[–] [email protected] 15 points 1 year ago (3 children)

People should stick with the instance otherwise you're just encouraging those tankies and nazis to use DDOS attacks again to bring down instances that defederate with them, don't let them know that they're successful. This opportunistic concern trolling around lemmy.world's downtime needs to stop. As the admins said, sooner or later "small" instances would have 100k users and would start having these issues all at once if it weren't for lemmy.world experiencing them first hand. Some DB optimizations were pushed to Lemmy thanks to lemmy.world.

[–] [email protected] 15 points 1 year ago

keep up the good work

[–] [email protected] 14 points 1 year ago (3 children)

Question, can we configure the nginx to return cached responses for all non-logged in queries for predetermined periods of time? (1min for example?)