this post was submitted on 09 Aug 2023

1460 points (96.6% liked)

Lemmy.World Announcements

29084 readers

353 users here now

This Community is intended for posts about the Lemmy.world server by the admins.

Follow us for server news 🐘

Outages 🔥

https://status.lemmy.world/

For support with issues at Lemmy.world, go to the Lemmy.world Support community.

Support e-mail

Any support requests are best sent to info@lemmy.world e-mail.

Report contact

DM https://lemmy.world/u/lwreport
Email report@lemmy.world (PGP Supported)

Donations 💗

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Join the team

founded 2 years ago

MODERATORS

ruud@lemmy.world

lwadmin@lemmy.world

lwCET@lemmy.world

jelloeater85@lemmy.world

Serinus@lemmy.world

lw_mod_notification@lemmy.world

MrKaplan@lemmy.world

1460

Lemmy World outages (lemmy.world)

submitted 1 year ago* (last edited 1 year ago) by lwadmin@lemmy.world to c/lemmyworld@lemmy.world

112 comments fedilink hide all child comments

Hello there!

It has been a while since our last update, but it's about time to address the elephant in the room: downtimes. Lemmy.World has been having multiple downtimes a day for quite a while now. And we want to take the time to address some of the concerns and misconceptions that have been spread in chatrooms, memes and various comments in Lemmy communities.

So let's go over some of these misconceptions together.

"Lemmy.World is too big and that is bad for the fediverse".

While one thing is true, we are the biggest Lemmy instance, we are far from the biggest in the Fediverse. If you want actual numbers you can have a look here: https://fedidb.org/network

The entire Lemmy fediverse is still in its infancy and even though we don't like to compare ourselves to Reddit it gives you something comparable. The entire amount of Lemmy users on all instances combined is currently 444,876 which is still nothing compared to a medium sized subreddit. There are some points that can be made that it is better to spread the load of users and communities across other instances, but let us make it clear that this is not a technical problem.

And even in a decentralised system, there will always be bigger and smaller blocks within; such would be the nature of any platform looking to be shaped by its members.

"Lemmy.World should close down registrations"

Lemmy.World is being linked in a number of Reddit subreddits and in Lemmy apps. Imagine if new users land here and they have no way to sign up. We have to assume that most new users have no information on how the Fediverse works and making them read a full page of what's what would scare a lot of those people off. They probably wouldn't even take the time to read why registrations would be closed, move on and not join the Fediverse at all. What we want to do, however, is inform the users before they sign up, without closing registrations. The option is already built into Lemmy but only available on Lemmy.ml - so a ticket was created with the development team to make these available to other instance Admins. Here is the post on Lemmy Github.

Which brings us to the third point:

"Lemmy.World can not handle the load, that's why the server is down all the time"

This is simply not true. There are no financial issues to upgrade the hardware, should that be required; but that is not the solution to this problem.

The problem is that for a couple of hours every day we are under a DDOS attack. It's a never-ending game of whack-a-mole where we close one attack vector and they'll start using another one. Without going too much into detail and expose too much, there are some very 'expensive' sql queries in Lemmy - actions or features that take up seconds instead of milliseconds to execute. And by by executing them by the thousand a minute you can overload the database server.

So who is attacking us? One thing that is clear is that those responsible of these attacks know the ins and outs of Lemmy. They know which database requests are the most taxing and they are always quick to find another as soon as we close one off. That's one of the only things we know for sure about our attackers. Being the biggest instance and having defederated with a couple of instances has made us a target.

"Why do they need another sysop who works for free"

Everyone involved with LW works as a volunteer. The money that is donated goes to operational costs only - so hardware and infrastructure. And while we understand that working as a volunteer is not for everyone, nobody is forcing anyone to do anything. As a volunteer you decide how much of your free time you are willing to spend on this project, a service that is also being provided for free.

We will leave this thread pinned locally for a while and we will try to reply to genuine questions or concerns as soon as we can.

(page 2) 50 comments

sorted by: hot top controversial new old

[–] raspberry_confetti@lemmy.ml 2 points 1 year ago (1 children)

They are inadvertently helping Lemmy become more robust

[–] Redtitwhore@lemmy.world 1 points 1 year ago

I was just thinking it could be someone with that goal in mind. Better to fix this stuff now.

[–] SocialMediaRefugee@lemmy.world 2 points 1 year ago (1 children)

Hope you are logging the DDOS ips. The first step in tracing those responsible.

[–] cum_hoc@lemmy.world 2 points 1 year ago (5 children)

So if we were to point fingers to anyone, who would it be?

[–] TheSpookiestUser@lemmy.world 3 points 1 year ago

Whoever's doing the attacks. We don't know who.

[–] Piers@lemmy.world 2 points 1 year ago

Two directions at once. It wasn't long ago I saw someone very irate that these SQL issues needlessly exist, and that they had repeatedly tried to tell the Lemmy devs that they are an issue and been shrugged off about it. So the Lemmy devs who have decided that not acknowledging the problem is the same as the problem not existing are definitely partly to blame.

Mostly though the person to blame is whomever is a using whatever weaknesses exist to try to disrupt Lemmy.World because of their own personal bullshit.

[–] sab@lemmy.world 1 points 1 year ago

With a ddos, there's no way of knowing. But given that the attacks are this mild, probably not someone we've heard of.

load more comments (2 replies)

[–] thisbenzingring@lemmy.sdf.org 1 points 1 year ago

I think I initially signed up on your instance and then figured it out, signed up for a more local instance but then figured I made a mistake and ended up where I am.

Thank you again for being available to let me through the door. Once I figured out that there's lots of doors, it was much better.

Lemmy.world will always be a special place and you and anyone who volunteers for work hare is fuckin awesome. Thanks again ♥️

[–] CanadianCorhen@lemmy.ca 1 points 1 year ago

I would love to see this grow to the point where a full time sysadmin could be hired! Would need a lot of subscribers though

[–] Rottcodd@kbin.social 1 points 1 year ago

Ironic that they're effectively proving that you were right to not trust them...

[–] deftdrummer@lemm.ee 1 points 1 year ago

Interesting your comparison with "imagine if a new user got to the page and couldn't sign up" - honestly, that's what they're faced with now regardless of closing off sign ups.

You say being able to handle the load is not an issue - I understand that on a technical level, but at the same time, you can't handle the load currently with the level of ddos attacks. That much is fact.

I know it's hard to catch these fuckers and close exploits quickly, but let's be honest here so far the methods have failed on LW's part. These are 2010 levels of downtime.

[–] nix@merv.news 1 points 1 year ago

I think it would be good to not close registration and if once a month or something there could be a post by admins about migrating to smaller instances (this is made easy with the LASIM tool) so new users can easily sign up with no hurdle but we also prevent too much centralization.

[–] TheSmartDude@lemmy.world 1 points 1 year ago

Will these occur in the near-future?

[–] Fish@midwest.social 1 points 1 year ago

I have nothing bad to say about Lemmy.world, but I do recommend that people move away from it in order to better decentralize Lemmy. Here is some useful information for people wanting to move instances.

For a list of instances, along with with stats for those instances:

https://fedidb.org/software/lemmy or https://lemmyverse.net/

Also, tools for migrating instances:

https://github.com/CMahaff/lasim (easy) - Latest Version Download (just select your OS type and run the program)

https://github.com/wescode/lemmy_migrate

https://github.com/Ac5000/lemmy_account_sync

[–] elbarto777@lemmy.world 1 points 1 year ago

Did you not read the post?

[–] neonfire@lemmy.world 1 points 1 year ago (7 children)

Any de-federated instance doesn't have the money or resources to start DDOS attacks. You know who does? Large corporations who feel attacked at the very existence of large platforms such as lemmy.world.

Who do we know with those resources, funding, knowledge of software (in general, as well as able to place specific people to learn about certain FOSS projects that have their code available), and the desire to spend such resources?

You know it's Reddit Co, we know it's Reddit Co. They know they're doing it too.

Fuck Spez and his bullshit army. I hope they can sleep well in their suburban McMansions while they sell out their future.

Conspiracy is one thing, this is just obvious.

[–] theletterd@lemmy.world 2 points 1 year ago (1 children)

same thing happened when people were leaving reddit in droves going to voat.co

[–] Legendsofanus@lemmy.world 1 points 1 year ago

Woah, when was this

[–] fatalicus@lemmy.world 2 points 1 year ago

Yeah, no.

DDOS attacks cost very little, and most people could easily afford to buy access to a network for ddosing a site like Lemmy.world.

We regularly have to deal with students who have bought DDOS attacks because they want to try to get exams cancelled and such.

[–] Etterra@lemmy.world 1 points 1 year ago

1st The if Warfare: never underestimate your enemy. It can be alarming what resources people are willing to expend for terrible reasons - narcissism, ego, and spite being the top 3 IMO.

For instance: Musk is the pettiest man on the planet. The rich dingus who killed himself and others in that underwater deathtrap was all ego all the time. Oh and funny forget all the whales that keep making microtransactions and p2w in games a profitable business model.

I'm not saying it isn't Reddit, but it doesn't have to be them - or even just them. Reddit, for instance, could be quietly contributing to the problem while somebody else takes the brunt of the blame. It would make sense, too. The enemy of their enemy is an awfully convenient tool/patsy/unknowing smokescreen for a given value of friend.

load more comments (3 replies)

[–] miles@lemmy.world 1 points 1 year ago* (last edited 1 year ago)

a better solution is to decouple the query from individual api requests by adding a caching layer. we’ll get there eventually

[–] Lemmylefty@lemmy.world 1 points 1 year ago

In all seriousness, we all appreciate your work. These are the growing pains that are to be expected, and your hard work and transparency (and writing it up at a level that even I can understand) is welcome.

load more comments