Hello there!
It has been a while since our last update, but it’s about time to address the elephant in the room: downtimes. Lemmy.World has been having multiple downtimes a day for quite a while now. And we want to take the time to address some of the concerns and misconceptions that have been spread in chatrooms, memes and various comments in Lemmy communities.
So let’s go over some of these misconceptions together.
“Lemmy.World is too big and that is bad for the fediverse”.
While one thing is true, we are the biggest Lemmy instance, we are far from the biggest in the Fediverse. If you want actual numbers you can have a look here: https://fedidb.org/network
The entire Lemmy fediverse is still in its infancy and even though we don’t like to compare ourselves to Reddit it gives you something comparable. The entire amount of Lemmy users on all instances combined is currently 444,876 which is still nothing compared to a medium sized subreddit. There are some points that can be made that it is better to spread the load of users and communities across other instances, but let us make it clear that this is not a technical problem.
And even in a decentralised system, there will always be bigger and smaller blocks within; such would be the nature of any platform looking to be shaped by its members.
“Lemmy.World should close down registrations”
Lemmy.World is being linked in a number of Reddit subreddits and in Lemmy apps. Imagine if new users land here and they have no way to sign up. We have to assume that most new users have no information on how the Fediverse works and making them read a full page of what’s what would scare a lot of those people off. They probably wouldn’t even take the time to read why registrations would be closed, move on and not join the Fediverse at all. What we want to do, however, is inform the users before they sign up, without closing registrations. The option is already built into Lemmy but only available on Lemmy.ml - so a ticket was created with the development team to make these available to other instance Admins. Here is the post on Lemmy Github.
Which brings us to the third point:
“Lemmy.World can not handle the load, that’s why the server is down all the time”
This is simply not true. There are no financial issues to upgrade the hardware, should that be required; but that is not the solution to this problem.
The problem is that for a couple of hours every day we are under a DDOS attack. It’s a never-ending game of whack-a-mole where we close one attack vector and they’ll start using another one. Without going too much into detail and expose too much, there are some very ‘expensive’ sql queries in Lemmy - actions or features that take up seconds instead of milliseconds to execute. And by by executing them by the thousand a minute you can overload the database server.
So who is attacking us? One thing that is clear is that those responsible of these attacks know the ins and outs of Lemmy. They know which database requests are the most taxing and they are always quick to find another as soon as we close one off. That’s one of the only things we know for sure about our attackers. Being the biggest instance and having defederated with a couple of instances has made us a target.
“Why do they need another sysop who works for free”
Everyone involved with LW works as a volunteer. The money that is donated goes to operational costs only - so hardware and infrastructure. And while we understand that working as a volunteer is not for everyone, nobody is forcing anyone to do anything. As a volunteer you decide how much of your free time you are willing to spend on this project, a service that is also being provided for free.
We will leave this thread pinned locally for a while and we will try to reply to genuine questions or concerns as soon as we can.
Endless DDOS attacks. Sigh.
Thank you for your time & efforts in maintaining this platform. I (and many others I’m sure) have great respect for the work you do in trying to combat this menace. The community is completely behind you and appreciates the value of this resource.
What I find most ridiculous about people claiming lemmy.world is too big and therefore bad for the Fediverse is simply… Have you people wondered why it got so big?
During the crucial first weeks of the Reddit migration, the single time period with the most chance of bringing new users, pretty much all larger Lemmy instances closed their registrations - they couldn’t handle the influx. Other big ones decided to immediately defederate everybody, they were afraid of having to moderate content. And a few did remain open and federated, but they were also extremely niche and focused on their own political side of the spectrum.
Lemmy.world however remained open, remained with active admins that helped the first moderators, and kept upgrading the server at a very fast rate - you might forget it now, but Lemmy was massively slow and frustrating and then a new Lemmy.world update would drop and it would feel like a different website.
So yeah, “bad for the Fediverse” for being the only instance that kept up with the demand at the most necessary time.
Thanks Lemmy.world team.
I’m convinced now that people saying something is “Bad for the fediverse” is just their ignorance and xenophobia showing.
Look at the shitposting or lemmy memes going around and you’ll see a lot of people are actually afraid of users coming from reddit and spoiling the experience here.
I’m sure others don’t want us growing because, consciously or unconsciously, they won’t have as much traction or get as much attention. More people means you have less of a voice.
We can’t argue about federation on the net, avoiding corporate control, or whatever while sticking our hand out and stopping people from joining. It just doesn’t work that way.
People complaining about the size of a social media platform are missing the point of a social media platform…
This is the first time in my life I’ve seen dislike of the userbase of an another site called ‘xenophobia’.
Especially weird since 90% of Lemmy is fresh off reddit themselves.
Personally I just don’t want the shitty aspects of the reddit community seeping over here. It’s a fact that reddit userbase has been facebookised, to the degree where I frequently see people who are outright stupid (repeatedly posting threads to wrong subreddits, ignoring mod messages, unable to comprehend basic English… stuff that I’d expect to see on Facebook and not reddit), or focused on memes and quips to the point where any discussion is flooded with such moronic content. There’s still (at least) tens of thousands of people on reddit who I’m sure would be great contributors on Lemmy too if they decide to switch, and I hope they will. But I don’t want all of reddit here. Is that really so bad, to not want to look at unfiltered normie crap? Reddit was good (if it ever was good) precisely because it was a bit elitist in its design and its culture.
We can’t argue about federation on the net, avoiding corporate control, or whatever while sticking our hand out and stopping people from joining.
Maybe people can join somewhere else too? Make a Fediverse equivalent of Facebook/Instagram or something. Lemmy is not all of Fediverse and doesn’t have to be for everyone.
Like half of your complaints are literally good things. Yes, people want to be heard and not practically hidden from 90% if they don’t get enough upvotes on their post/comment during the crucial early time frame, as on bigger reddit subs. Lemmy is not a social media platform anyway, its goal is not to facilitate socialisation among the users and it doesn’t need many millions of users to work well.
I don’t want all of Reddit to come flooding in all at once.
But one thing I’ve noticed is that the entire Fediverse has a lot of instance-specific stuff going on. It’s really a question of finding the right instance for you. For example, I didn’t particularly like mastodon.social as an instance of Mastodon, but I’ve found other instances where I gel with the userbase well. It’s actually made the experience more pleasant.
If you’re willing and able, setting up a Lemmy instance for some specific community is actually a good idea. During my holiday break, I’m going to be working on setting up Lemmy for my town and maybe even a club website that I have been assigned control over. .world will suffice in the interim.
Well thanks for the update and your hard work. I am currently using lemm.ee as a backup account so that I can at least have my fix.
Hope the bastard(s) who are ddossing the server get some nice tropical diseases.
Lemmy.world also was my first step into the fediverse.
keep fighting the good fight <3
I wonder what motivated any DOS attacks.
Cyber-jackasses or cyber terrorists, likely the first.
A cyberpirate wants money.
A cyber terrorist has ideology or want to watch the world burn
Most actually successful cyber attacks globally are just trolls who want to have fun. This is why many, with their automated attack patterns, try to avoid children’s hospitals and critical infrastructure, but cyber terrorist with ideaology or want the world to burn attack those.
Giving lemmy is not that important yet, and theirs a ton of alternatives outside fediverse, it’s all volunteer, it would be cyber-jackasses, or want to watch the world burn cyber terrorists. Not pirates, not governments, not corpos.
Some people just like to watch the world burn.
fsociety?
Hello friend
An opposing business that has a lot to lose maybe. /shrug
The conversation gets a bit scrambled/broken up by disruptive/toxic people but this is a comment chain on lemmy.ml two weeks ago about SQL issues and challenges in getting the Lemmy Dev team to address them that might be worth reading:
The Lemmy Dev team have long ago stated they’re no experts in PostgreSQL tuning, and that any help is welcome.
In the thread you linked, a guy is just accusing them of what they themselves admitted, then refusing to help. Meanwhile, others have been submitting SQL related PRs all the time, which have been merged.
🙏 🙌
All support to Y’all, Keep Going!
Are DDoS protection services like those from Akamai, Arbor Networks, Link22 etc an option? Those are tested as ok by the German Federal Office for Information Security.
I don’t believe it would work for this case. Typical DDoS is just sending a ton of junk packets at a server at the max bandwidth of the network of bots an attacker has at their disposal. Very easy to block for a large cloud provider with multi-terabit connections and multiple redundant data centers. This is different, they’re asking the server to send them large amounts of information on repeat, or process massive amounts of data. The attacker is targeting the servers hardware itself through legitimate processes, so a third party wouldn’t really be able to do much.
Surely there is a way to rate limit clients so that normal users are rarely effected but a DDOS would need thousands of clients to be effective?
Yeah, I would guess it’s something like very long search terms concatenated with logic operators? These should be kind of database heavy? Or does indexeing make this easy?
deleted by creator
So if we were to point fingers to anyone, who would it be?
Elon Musk, Donald Trump and that Greedy Pigboy.
You are watching too much politics. Touch grass
Whoever’s doing the attacks. We don’t know who.
Two directions at once. It wasn’t long ago I saw someone very irate that these SQL issues needlessly exist, and that they had repeatedly tried to tell the Lemmy devs that they are an issue and been shrugged off about it. So the Lemmy devs who have decided that not acknowledging the problem is the same as the problem not existing are definitely partly to blame.
Mostly though the person to blame is whomever is a using whatever weaknesses exist to try to disrupt Lemmy.World because of their own personal bullshit.
With a ddos, there’s no way of knowing. But given that the attacks are this mild, probably not someone we’ve heard of.
A fantastic job is being done by you folks - obviously in the face of adversity. Given the amount of users on the instance is at a critical point, would it not be possible to ‘move’ accounts off it onto other less populated instances ?
Keep up the great work folks - I sympathise for ya.
Have you guys contacted law enforcement? It may surprise you. A startup I worked for had the same issue and contacted the FBI. They were able to quickly (within hours) find the person doing it despite him using VPNs and other tools for OpSec.
I’d imagine that there are a lot of users and communities on here that want law enforcement as far away from the Fediverse as possible…
The risk that would create for vulnerable communities on here would be deeply irresponsible.
Right. Because FBI doesn’t already monitor any suspicious activity.
They fuck with left leaning groups and try to intentionally destabilize them 🤷♂️
I have nothing bad to say about Lemmy.world, but I do recommend that people move away from it in order to better decentralize Lemmy. Here is some useful information for people wanting to move instances.
For a list of instances, along with with stats for those instances:
https://fedidb.org/software/lemmy or https://lemmyverse.net/
Also, tools for migrating instances:
https://github.com/CMahaff/lasim (easy) - Latest Version Download (just select your OS type and run the program)