Hello there!

It has been a while since our last update, but it’s about time to address the elephant in the room: downtimes. Lemmy.World has been having multiple downtimes a day for quite a while now. And we want to take the time to address some of the concerns and misconceptions that have been spread in chatrooms, memes and various comments in Lemmy communities.

So let’s go over some of these misconceptions together.

“Lemmy.World is too big and that is bad for the fediverse”.

While one thing is true, we are the biggest Lemmy instance, we are far from the biggest in the Fediverse. If you want actual numbers you can have a look here: https://fedidb.org/network

The entire Lemmy fediverse is still in its infancy and even though we don’t like to compare ourselves to Reddit it gives you something comparable. The entire amount of Lemmy users on all instances combined is currently 444,876 which is still nothing compared to a medium sized subreddit. There are some points that can be made that it is better to spread the load of users and communities across other instances, but let us make it clear that this is not a technical problem.

And even in a decentralised system, there will always be bigger and smaller blocks within; such would be the nature of any platform looking to be shaped by its members. 

“Lemmy.World should close down registrations”

Lemmy.World is being linked in a number of Reddit subreddits and in Lemmy apps. Imagine if new users land here and they have no way to sign up. We have to assume that most new users have no information on how the Fediverse works and making them read a full page of what’s what would scare a lot of those people off. They probably wouldn’t even take the time to read why registrations would be closed, move on and not join the Fediverse at all. What we want to do, however, is inform the users before they sign up, without closing registrations. The option is already built into Lemmy but only available on Lemmy.ml - so a ticket was created with the development team to make these available to other instance Admins. Here is the post on Lemmy Github.

Which brings us to the third point:

“Lemmy.World can not handle the load, that’s why the server is down all the time”

This is simply not true. There are no financial issues to upgrade the hardware, should that be required; but that is not the solution to this problem.

The problem is that for a couple of hours every day we are under a DDOS attack. It’s a never-ending game of whack-a-mole where we close one attack vector and they’ll start using another one. Without going too much into detail and expose too much, there are some very ‘expensive’ sql queries in Lemmy - actions or features that take up seconds instead of milliseconds to execute. And by by executing them by the thousand a minute you can overload the database server.

So who is attacking us? One thing that is clear is that those responsible of these attacks know the ins and outs of Lemmy. They know which database requests are the most taxing and they are always quick to find another as soon as we close one off. That’s one of the only things we know for sure about our attackers. Being the biggest instance and having defederated with a couple of instances has made us a target.  

“Why do they need another sysop who works for free”

Everyone involved with LW works as a volunteer. The money that is donated goes to operational costs only - so hardware and infrastructure. And while we understand that working as a volunteer is not for everyone, nobody is forcing anyone to do anything. As a volunteer you decide how much of your free time you are willing to spend on this project, a service that is also being provided for free.

We will leave this thread pinned locally for a while and we will try to reply to genuine questions or concerns as soon as we can.

  • cyborganickname@lemmy.world
    link
    fedilink
    arrow-up
    21
    ·
    1 year ago

    Thank you for your time & efforts in maintaining this platform. I (and many others I’m sure) have great respect for the work you do in trying to combat this menace. The community is completely behind you and appreciates the value of this resource.

  • kadu@lemmy.world
    link
    fedilink
    arrow-up
    17
    ·
    1 year ago

    What I find most ridiculous about people claiming lemmy.world is too big and therefore bad for the Fediverse is simply… Have you people wondered why it got so big?

    During the crucial first weeks of the Reddit migration, the single time period with the most chance of bringing new users, pretty much all larger Lemmy instances closed their registrations - they couldn’t handle the influx. Other big ones decided to immediately defederate everybody, they were afraid of having to moderate content. And a few did remain open and federated, but they were also extremely niche and focused on their own political side of the spectrum.

    Lemmy.world however remained open, remained with active admins that helped the first moderators, and kept upgrading the server at a very fast rate - you might forget it now, but Lemmy was massively slow and frustrating and then a new Lemmy.world update would drop and it would feel like a different website.

    So yeah, “bad for the Fediverse” for being the only instance that kept up with the demand at the most necessary time.

    Thanks Lemmy.world team.

    • Capt. Wolf@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      edit-2
      1 year ago

      I’m convinced now that people saying something is “Bad for the fediverse” is just their ignorance and xenophobia showing.

      Look at the shitposting or lemmy memes going around and you’ll see a lot of people are actually afraid of users coming from reddit and spoiling the experience here.

      I’m sure others don’t want us growing because, consciously or unconsciously, they won’t have as much traction or get as much attention. More people means you have less of a voice.

      We can’t argue about federation on the net, avoiding corporate control, or whatever while sticking our hand out and stopping people from joining. It just doesn’t work that way.

      People complaining about the size of a social media platform are missing the point of a social media platform…

      • antonim@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        1 year ago

        This is the first time in my life I’ve seen dislike of the userbase of an another site called ‘xenophobia’.

        Especially weird since 90% of Lemmy is fresh off reddit themselves.

        Personally I just don’t want the shitty aspects of the reddit community seeping over here. It’s a fact that reddit userbase has been facebookised, to the degree where I frequently see people who are outright stupid (repeatedly posting threads to wrong subreddits, ignoring mod messages, unable to comprehend basic English… stuff that I’d expect to see on Facebook and not reddit), or focused on memes and quips to the point where any discussion is flooded with such moronic content. There’s still (at least) tens of thousands of people on reddit who I’m sure would be great contributors on Lemmy too if they decide to switch, and I hope they will. But I don’t want all of reddit here. Is that really so bad, to not want to look at unfiltered normie crap? Reddit was good (if it ever was good) precisely because it was a bit elitist in its design and its culture.

        We can’t argue about federation on the net, avoiding corporate control, or whatever while sticking our hand out and stopping people from joining.

        Maybe people can join somewhere else too? Make a Fediverse equivalent of Facebook/Instagram or something. Lemmy is not all of Fediverse and doesn’t have to be for everyone.

        Like half of your complaints are literally good things. Yes, people want to be heard and not practically hidden from 90% if they don’t get enough upvotes on their post/comment during the crucial early time frame, as on bigger reddit subs. Lemmy is not a social media platform anyway, its goal is not to facilitate socialisation among the users and it doesn’t need many millions of users to work well.

        • EmperorOfTexas@lemmy.world
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          I don’t want all of Reddit to come flooding in all at once.

          But one thing I’ve noticed is that the entire Fediverse has a lot of instance-specific stuff going on. It’s really a question of finding the right instance for you. For example, I didn’t particularly like mastodon.social as an instance of Mastodon, but I’ve found other instances where I gel with the userbase well. It’s actually made the experience more pleasant.

          If you’re willing and able, setting up a Lemmy instance for some specific community is actually a good idea. During my holiday break, I’m going to be working on setting up Lemmy for my town and maybe even a club website that I have been assigned control over. .world will suffice in the interim.

  • cpo@lemmy.world
    link
    fedilink
    arrow-up
    17
    ·
    1 year ago

    Well thanks for the update and your hard work. I am currently using lemm.ee as a backup account so that I can at least have my fix.

    Hope the bastard(s) who are ddossing the server get some nice tropical diseases.

    Lemmy.world also was my first step into the fediverse.

  • LughA
    link
    fedilink
    English
    arrow-up
    12
    ·
    1 year ago

    I wonder what motivated any DOS attacks.

    • Sharkictus@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      1 year ago

      Cyber-jackasses or cyber terrorists, likely the first.

      A cyberpirate wants money.

      A cyber terrorist has ideology or want to watch the world burn

      Most actually successful cyber attacks globally are just trolls who want to have fun. This is why many, with their automated attack patterns, try to avoid children’s hospitals and critical infrastructure, but cyber terrorist with ideaology or want the world to burn attack those.

      Giving lemmy is not that important yet, and theirs a ton of alternatives outside fediverse, it’s all volunteer, it would be cyber-jackasses, or want to watch the world burn cyber terrorists. Not pirates, not governments, not corpos.

    • jarfil@lemmy.world
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      The Lemmy Dev team have long ago stated they’re no experts in PostgreSQL tuning, and that any help is welcome.

      In the thread you linked, a guy is just accusing them of what they themselves admitted, then refusing to help. Meanwhile, others have been submitting SQL related PRs all the time, which have been merged.

    • Dale'sDeadBug@sh.itjust.works
      link
      fedilink
      arrow-up
      9
      ·
      1 year ago

      I don’t believe it would work for this case. Typical DDoS is just sending a ton of junk packets at a server at the max bandwidth of the network of bots an attacker has at their disposal. Very easy to block for a large cloud provider with multi-terabit connections and multiple redundant data centers. This is different, they’re asking the server to send them large amounts of information on repeat, or process massive amounts of data. The attacker is targeting the servers hardware itself through legitimate processes, so a third party wouldn’t really be able to do much.

      • Photographer@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        Surely there is a way to rate limit clients so that normal users are rarely effected but a DDOS would need thousands of clients to be effective?

      • sverit@feddit.de
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Yeah, I would guess it’s something like very long search terms concatenated with logic operators? These should be kind of database heavy? Or does indexeing make this easy?

    • Piers@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      Two directions at once. It wasn’t long ago I saw someone very irate that these SQL issues needlessly exist, and that they had repeatedly tried to tell the Lemmy devs that they are an issue and been shrugged off about it. So the Lemmy devs who have decided that not acknowledging the problem is the same as the problem not existing are definitely partly to blame.

      Mostly though the person to blame is whomever is a using whatever weaknesses exist to try to disrupt Lemmy.World because of their own personal bullshit.

    • sab@lemmy.world
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      With a ddos, there’s no way of knowing. But given that the attacks are this mild, probably not someone we’ve heard of.

  • Rambler@lemm.ee
    link
    fedilink
    arrow-up
    3
    ·
    1 year ago

    A fantastic job is being done by you folks - obviously in the face of adversity. Given the amount of users on the instance is at a critical point, would it not be possible to ‘move’ accounts off it onto other less populated instances ?

    Keep up the great work folks - I sympathise for ya.

  • eek2121@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    1 year ago

    Have you guys contacted law enforcement? It may surprise you. A startup I worked for had the same issue and contacted the FBI. They were able to quickly (within hours) find the person doing it despite him using VPNs and other tools for OpSec.