Hello there!
It has been a while since our last update, but it’s about time to address the elephant in the room: downtimes. Lemmy.World has been having multiple downtimes a day for quite a while now. And we want to take the time to address some of the concerns and misconceptions that have been spread in chatrooms, memes and various comments in Lemmy communities.
So let’s go over some of these misconceptions together.
“Lemmy.World is too big and that is bad for the fediverse”.
While one thing is true, we are the biggest Lemmy instance, we are far from the biggest in the Fediverse. If you want actual numbers you can have a look here: https://fedidb.org/network
The entire Lemmy fediverse is still in its infancy and even though we don’t like to compare ourselves to Reddit it gives you something comparable. The entire amount of Lemmy users on all instances combined is currently 444,876 which is still nothing compared to a medium sized subreddit. There are some points that can be made that it is better to spread the load of users and communities across other instances, but let us make it clear that this is not a technical problem.
And even in a decentralised system, there will always be bigger and smaller blocks within; such would be the nature of any platform looking to be shaped by its members.
“Lemmy.World should close down registrations”
Lemmy.World is being linked in a number of Reddit subreddits and in Lemmy apps. Imagine if new users land here and they have no way to sign up. We have to assume that most new users have no information on how the Fediverse works and making them read a full page of what’s what would scare a lot of those people off. They probably wouldn’t even take the time to read why registrations would be closed, move on and not join the Fediverse at all. What we want to do, however, is inform the users before they sign up, without closing registrations. The option is already built into Lemmy but only available on Lemmy.ml - so a ticket was created with the development team to make these available to other instance Admins. Here is the post on Lemmy Github.
Which brings us to the third point:
“Lemmy.World can not handle the load, that’s why the server is down all the time”
This is simply not true. There are no financial issues to upgrade the hardware, should that be required; but that is not the solution to this problem.
The problem is that for a couple of hours every day we are under a DDOS attack. It’s a never-ending game of whack-a-mole where we close one attack vector and they’ll start using another one. Without going too much into detail and expose too much, there are some very ‘expensive’ sql queries in Lemmy - actions or features that take up seconds instead of milliseconds to execute. And by by executing them by the thousand a minute you can overload the database server.
So who is attacking us? One thing that is clear is that those responsible of these attacks know the ins and outs of Lemmy. They know which database requests are the most taxing and they are always quick to find another as soon as we close one off. That’s one of the only things we know for sure about our attackers. Being the biggest instance and having defederated with a couple of instances has made us a target.
“Why do they need another sysop who works for free”
Everyone involved with LW works as a volunteer. The money that is donated goes to operational costs only - so hardware and infrastructure. And while we understand that working as a volunteer is not for everyone, nobody is forcing anyone to do anything. As a volunteer you decide how much of your free time you are willing to spend on this project, a service that is also being provided for free.
We will leave this thread pinned locally for a while and we will try to reply to genuine questions or concerns as soon as we can.
What I find most ridiculous about people claiming lemmy.world is too big and therefore bad for the Fediverse is simply… Have you people wondered why it got so big?
During the crucial first weeks of the Reddit migration, the single time period with the most chance of bringing new users, pretty much all larger Lemmy instances closed their registrations - they couldn’t handle the influx. Other big ones decided to immediately defederate everybody, they were afraid of having to moderate content. And a few did remain open and federated, but they were also extremely niche and focused on their own political side of the spectrum.
Lemmy.world however remained open, remained with active admins that helped the first moderators, and kept upgrading the server at a very fast rate - you might forget it now, but Lemmy was massively slow and frustrating and then a new Lemmy.world update would drop and it would feel like a different website.
So yeah, “bad for the Fediverse” for being the only instance that kept up with the demand at the most necessary time.
Thanks Lemmy.world team.
I’m convinced now that people saying something is “Bad for the fediverse” is just their ignorance and xenophobia showing.
Look at the shitposting or lemmy memes going around and you’ll see a lot of people are actually afraid of users coming from reddit and spoiling the experience here.
I’m sure others don’t want us growing because, consciously or unconsciously, they won’t have as much traction or get as much attention. More people means you have less of a voice.
We can’t argue about federation on the net, avoiding corporate control, or whatever while sticking our hand out and stopping people from joining. It just doesn’t work that way.
People complaining about the size of a social media platform are missing the point of a social media platform…
This is the first time in my life I’ve seen dislike of the userbase of an another site called ‘xenophobia’.
Especially weird since 90% of Lemmy is fresh off reddit themselves.
Personally I just don’t want the shitty aspects of the reddit community seeping over here. It’s a fact that reddit userbase has been facebookised, to the degree where I frequently see people who are outright stupid (repeatedly posting threads to wrong subreddits, ignoring mod messages, unable to comprehend basic English… stuff that I’d expect to see on Facebook and not reddit), or focused on memes and quips to the point where any discussion is flooded with such moronic content. There’s still (at least) tens of thousands of people on reddit who I’m sure would be great contributors on Lemmy too if they decide to switch, and I hope they will. But I don’t want all of reddit here. Is that really so bad, to not want to look at unfiltered normie crap? Reddit was good (if it ever was good) precisely because it was a bit elitist in its design and its culture.
We can’t argue about federation on the net, avoiding corporate control, or whatever while sticking our hand out and stopping people from joining.
Maybe people can join somewhere else too? Make a Fediverse equivalent of Facebook/Instagram or something. Lemmy is not all of Fediverse and doesn’t have to be for everyone.
Like half of your complaints are literally good things. Yes, people want to be heard and not practically hidden from 90% if they don’t get enough upvotes on their post/comment during the crucial early time frame, as on bigger reddit subs. Lemmy is not a social media platform anyway, its goal is not to facilitate socialisation among the users and it doesn’t need many millions of users to work well.
I agree with all of the points you made, there’s nothing wrong with certain instances or communities gearing themselves towards particular interests or demographics (like more tech savvy people, longer replies, etc like old school forums).
Also a little taken aback by the misuse of the word xenophobia which doesn’t make much sense in the context it was used in.
I don’t want all of Reddit to come flooding in all at once.
But one thing I’ve noticed is that the entire Fediverse has a lot of instance-specific stuff going on. It’s really a question of finding the right instance for you. For example, I didn’t particularly like mastodon.social as an instance of Mastodon, but I’ve found other instances where I gel with the userbase well. It’s actually made the experience more pleasant.
If you’re willing and able, setting up a Lemmy instance for some specific community is actually a good idea. During my holiday break, I’m going to be working on setting up Lemmy for my town and maybe even a club website that I have been assigned control over. .world will suffice in the interim.
It upsets me that people can’t understand this. Lemmy was getting hit like crazy. Even through all that, it was better than reddit. I adore lemmy and the .world admins. I seriously can’t wait to see it grow.
And besides closing registrations, many others required that you request it, then wait for approval. Of course most went with the path of least resistance - I know I did (using an alt account now because of the DDOS attacks).
Aahh please write an essay about why you’d like to join our server and why you chose your username. Who tf wants to go through a casting couch for an app you’ll use while taking a dump?
Yeah, really. I get why some instances want to be selective, but it was a bit jarring to me just how many were when I was looking for a way to try Lemmy out.
Everyone complaining about the Beehaw registration is what got me to check it out.
It was certainly not an “essay,” just pretty much a paragraph saying I’m not a bot or troll and in a few minutes I was approved. This was maybe 2 weeks after the Reddit protest, so it may have been worse initially, but my signup was painless.
I have a few accounts to see how the first few months will go with defederations go, but most instances I go to look much the same at this point. I like the feel of Beehaw best and I’d say it’s my primary right now, but the defederation and signup does seem to have slowed growth.
World is my second most used, and I still check out new instances, but between those 2 the majority of my needs are covered right now. I think it’s cool you can get different “flavors” of Lemmy, so everyone doesn’t have to like all the instances, but most of them seen to play well together.
I just don’t understand the need to rip on the ones doing things differently when that is one of the features of the Fediverse. I don’t even like seeing people trash EH or LG because it’s free advertising to new people they exist. I don’t want to see feeds listed with their names, and the complaining is just an attraction to people who actually want that garbage.
It literally takes ten seconds and it’s an easy way to filter out bots.
lemmy.ca had semi-closed invites and I just wrote that I was migrating away from reddit and wanted to join a local instance as a Canadian. It was like two sentences and I got approved in under an hour.
Sure, you’re not wrong. But a ton of genuine users are simply checking out what this Lemmy thing is at this stage, and asking them to elaborate why they want to be here, even if in a few lines, is going to turn them away. Instances should be allowed to enforce this if they want, I just think there should be a way for users to quickly find a less restrictive instance. This is what turned me away from Lemmy in my early attempt to use it - I just wanted to check it out on whim and was told there’s a manual approval.
I don’t even agree that this is a good way to keep out bad bots. We already have farms where you just hire someone in a country with cheap labor to just create accounts all day.
My experience exactly.
I think it becomes a problem on larger instances that don’t have the manpower to manually read and flag users, which would definitely be the place that .world is in. .ca is a much smaller instance and it’s still feasible to do stuff like this by hand.
I don’t think .world would benefit from implementing a check, all things considered though. The easier it is to onboard to the fediverse the better we’ll all be in the long run, even if it’s concentrated in a few central places.
Especially if you have no clue what it’s about and just want to check it out
Weird, I just wrote something like:
I left reddit for Lemmy and am experimenting with different instances. I felt I agreed with the philosophy here and wanted to create an account
If you call a couple sentences “an essay”… what are you even doing writing “essays” in random comments while taking a dump?
Now you put it that way, thank you lemmy world. I probably wouldn’t migrate out of R itself if I didn’t see your site and made it look familiar. Transition had been easy for me and now, I barely go back there unless via libreddit.
made it look familiar
Are you using https://old.lemmy.world?
Yep, even now. I had a really hard time (mentally) doing the transfer before, until I stumbled upon old LW. Still on this format, tbh, it’s just more compact for me. I’m thinking that other lazier / lurkier users might get encouraged to make the jump if the place is familiar to what they will leave behind. Of course, there is still a learning curve, but since everything looked a little bit like the old R, it was intuitive enough for me.
I’m forced to shift to the usual formatting when I have to switch to sh.itjust.works because of the downtime, but when i go back to lemmy.world, it’s always on the old format mode.
And I am a bit talkative here, as I read that lurking doesn’t really help the fediverse. Wish I can contribute in a more intellectual content-making kind of way, but as I don’t have expertise (only interest), my only contribution is to add activity.
Could also maybe pitch the idea of an old style interface to the sh.itjust.works maintainers, that way they’d have one built-in to the site itself just like it is on lemmy.world.
292 instances listed for the first 9 days this month! That’s over 33 per day.
You guys are in the middle of a huge battle. I wish I could assist but it’s outside my experience.
Could not be stated any better.
I definitely think the lemmy.world admins have done everything right so far. I’m not sure if there are actually people saying it’s bad for the fediverse but the sentiment I see is that consolidating onto one instance causes you to lose some of the benefits of decentralization. At this point, there are plenty of general instances with open registrations that aren’t experiencing these attacks so it’s best for at least some people on lemmy.world to try to migrate to another instance. For one thing, that persons experience will be better since they won’t see as much downtime anymore, but more importantly it makes lemmy.world less of a target since these attacks are meant to affect as many people as they can. It’ll probably always be one of the biggest instances but the person might decide it’s not worth their time anymore if enough people move to other instances that they’re affecting a small percentage of the whole Lemmy population.
I’m not sure if there are actually people saying it’s bad for the fediverse
Oh there are plenty of people claiming this. I actually started with a small instance but moved here due to lack of content that the smaller instance could see.
One of Lemmy’s shortcomings is that, by default, instances are only aware of local communities and the specific communities that its users have deliberately subscribed to. If a user subscribes to !funny@lemmy.world for example, the instance does not scan lemmy.world for more communities. There are some small instances running federation helper bots to fix this, but I ended up here due to the lack of visible content on the small instance. Yes, I know there are directories of Lemmy communities, but initiating a federation request on a small instance is not intuitive.
deleted by creator
Nah. It comes from the possibility of being held personally liable for any illegal content hosted on your instance. No one running a small instance wants to get thrown in jail because some other instance isn’t moderating effectively when that content gets federated to their local database.
It’s a real fear that I haven’t seen many people address yet.
This likely depends on the jurisdiction, but don’t some countries have provisions in telecomms law that exclude service providers/platforms from liability for content posted by users?
In asking this, I did a brief search and found that, as expected, it does vary. This appears to be a decent overview from a couple years ago for anyone else interested!
This is only true provided a good faith effort has been made to moderate the platform to remove such content. At least in the US.
deleted by creator
I think that instance hosts were/are more worries about moderating illegal content like CP, copyrighted works, etc. where just blocking isn’t enough. Rather content may actually need to be deleted from the server to avoid legal liability.
It’s self moderating only to a degree. Anybody can make their own community on lemmyworld, and post whatever they like. Any report you make against a bad community can get you banned from it because they can see who reported what.
So the only way to deal with a bad community is to get side-wide admins involved, which is not a quick process.
This is one of those “crisis of opportunity” moments. We’re witnessing the start of something new.
Have you guys contacted law enforcement? It may surprise you. A startup I worked for had the same issue and contacted the FBI. They were able to quickly (within hours) find the person doing it despite him using VPNs and other tools for OpSec.
I’d imagine that there are a lot of users and communities on here that want law enforcement as far away from the Fediverse as possible…
And yet, and this will shock and amaze you, they’re probably here already. Lemmy isn’t a secret.
Found the fed… ;)
No doubt, but there’s a difference between a van trundling down the street and a welcome mat and a tray of tea cooling in the living room.
I get you. There’s good and bad in law enforcement, especially when it comes to tech and social media. On the one hand, there’s pretty serious crime happening online that needs to be stopped. On the other, wild invasions of privacy. There’s no easy answer at this point and governments obviously won’t police themselves.
Illegal activity is actually easier to track on the Fediverse than close source websites. Easy to program bots to run through open source code looking for it.
Why get a warrant when you can honey pot the entire thing? A trick as old as time.
I assure you that the FBI knew of lemmy and had watchers here before we hit 5 digit user numbers
Knowing someone in the FBI and how they talk about how antiquated it is, I have to vehemently disagree with you there.
I’m just curious, antiquated in what aspect?
In both technological and procedural advancement.
I hate to break the illusion but cybersecurity experts already know about every Fediverse instance and it gets scanned regularly. Just like they do discord, FB, twitter, etc.
aint no way
Lemmy isn’t a private space. It’s less private than Reddit in many regards.
I don’t see why when illegal things are happening the government’s offered services shouldn’t be made use of
We’ll just have to nicely ask the ddos’ers to stop it then
Lol
The Feds are everywhere son
Well… this is the fediverse after all.
Have you guys contacted law enforcement?
Given that the goal of this instance is to serve as a reference of the Fediverse, it is expected that it will continue to grow, and in turn, attract more attention, which due to a game of numbers also involves more trolls and enemies. Thus, the fact that the instance is being DDOS’ed right now shouldn’t be seen as a conjunctural problem, but rather a challenge that is here to stay and sometimes be a problem.
While I think it’s a good idea for lemmy.world to do it this time, relying on a police force to routinely come to our call and do something means periods during which the instance will be out while we wait for them for work. The instance, and Lemmy in general, should have more robust defenses so that calling for external help is only required at exceptional times.
Did it result in charges for the person doing it?
For this, I want to see the motivation for DDOSing Lemmy lol.
You don’t need motive to convict. Just the correct mental state (mens rea) and the commission of the relevant elements (actus reus). Motive helps, but it’s not necessary.
But a DDOS attack would probably fall under the CFAA, possibly some other criminal statutes depending on the facts.
I know, I just want to know what the motive is.
“Vengence is mine!” sayeth the gallowboob.
Yes criminal charges were brought against them. I don’t know what happened beyond that, however. It got pretty quiet once evidence was collected and the attack stopped.
In all seriousness, we all appreciate your work. These are the growing pains that are to be expected, and your hard work and transparency (and writing it up at a level that even I can understand) is welcome.
Im a data engineer with 20+ years of experience in sql and various databases, I do performance tuning on daily basis. How can I help? Please message me if you think you can use me. Id be very happy to help where I can!
Possibly not ideal for you as a data engineer, but you could try skimming down the GitHub database issues?
Id rather someone just point me to the problematic query obviously. Would be much easier and better use of my time than to run my own instance and fake data into tables to see where the bottle neck is …
I’m sure if you got in touch with the lemmy.world team and they made sure you weren’t sketchy, they would help you get what you need to effectively find the root of the issues.
Also, hello from a less-experienced, not-sure-if-I-can-call-myself-a-data-engineer-yet data… person? Props for considering lending a hand to the instance!
Here is one I looked at a while back and tried my hand at. Some guidance would be greatly appreciated since, as I say in the issue, I’m not that much of a DB guy.
Here are some of the main culprits: https://github.com/LemmyNet/lemmy/issues/2877
EDIT: Kinda fixed? Is Lemmy stripping special characters? Is it my app client (Memmy)?
People like you are the saviors
If you can start poking around in their GitHub.
I have huge respect for data engineers. Talk about unsung heroes. Thank you for everything you do.
Oracle gives me a headache thinking about it and once things get complicated with an enormous amount of tables and data, I leave it to people who know better. I will go back to programming PLCs, explaining how a warehouse control system works, and writing code in too many languages at once. That is my happy place. The big bad database can stay over there while I make machinery do my bidding.
Oh sure, these people get a couple of lonely hearts to have lunch or dinner together a few times, maybe go out to a movie or a show, and then what? Arranged marriages? – oh wait. That’s “data” engineer … never mind.
deleted by creator
Bruh
If you’re serious about this, there’s a post up calling for sysops: https://lemmy.world/post/2769245
It’s somewhat of a commitment, rather than drop-in drop-out… but that’s what it takes to make a difference here. There are already several sharp and experienced database engineers working on the Lemmy world team. The problem is that the site is under repeated denial of service attack, and there isn’t one bad query to fix… each time one query gets addressed, the attackers move on to a new one.
While it’s always possible that someone has missed a silver bullet, it’s much more likely that a a series of ongoing independent mitigations and optimizations are needed to achieve a tipping point where lemmy is more or less protectable with some hidden dos-able bits rather than more or less trivially dos-able everywhere.
deleted by creator
Besides the actual developers of lemmy, none has done more for the lemmiverse than the maintainers of lemmy.word. When the Reddit shitstorm started and other leading servers shut down user registration, you guys held the ship steady and didn’t flinch from the sudden flood of new users. Discovering new bottle-necks in lemmy code, helping to resolve them and deploying hot fixes. All in super fast reaction time. About “lemmy.world shouldn’t be largest server” crap - it’s good for lemmy that one server is the easy entry point to lemmy. This is where the “mainstream” communities could/should be and new users will have an easier landing. Having dedicated servers with their own communities (like start trek, piracy, etc) is great but it’s not mandatory for all communities.
Hey! Lemmy.dbzer0.com stayed open as well! :)
🫡
You definitely did!
I did this before in this thread but there are actually some others who helped us quite a bit. Lemm.ee’s admin @sunaurus@lemm.ee and Lemmy contributor @phiresky@lemmy.world to name a few.
Yeah I read the original announcement. I know it was a team effort. But still, this is your sever and your responsibility.
The main issues I have with Lemmy.world is basically how culturally tied to Reddit some users are, and I just want to get away from that.
I hang out on smaller instances because there’s less people trying to uphold reddit standards and BS. Stuff like keeping track of defederations, but then claiming they’re all based around some drama. Stuff like that is ultimately unhealthy for the site and was a root cause of reddit becoming more and more toxic over time.
Lemmy is more or less a Reddit clone , at least in how users interact with the site/apps. The more people migrate, the more this will happen. Admittedly, that’s why I’m here but I’m not sure what you mean by upholding Reddit standards. Reddit was/is community operated and minus reddits moderation, the users here will shape the future of the site regardless of the instance in the same way. Subs get too big , and create more serious or niche ones, until those get too big.
/r/gaming and r/games come to mind as an example
Reddit has major issues of power hungry mods & admins demanding others think like they do or suffer the consequences.
I guess I’m not understanding why that wouldn’t happen here or any other instance in the future.
A rambunctious community can jump a fence. The amount of butthurt in Reddit admin teams runs deep, and there is no escape; of course, that is the whole appeal (to them).
Community mods and instance admins have similar powers, there will be similar power struggles, corruption and drama here too.
The fact that it will be easy to jump ship wont change the fact that it will be necessary to jump ship from time to time.
Y’all are motherfucking gangsters. Appreciate the work you’re putting in. I don’t do your kind of code or I’d pitch in. Much love. ♥️
Imagine having the free time to engineer attacks on a site. Fucking loser.
Or, they have a commercial interest or are paid by someone who does. Fucking losers either way
I’ve got my bets on who it is.
As the post pointed out: these are people who know how Lemmy works. There’s a few troll-websites that have been defederated from Lemmy.world, and those troll-websites (and culture) is well known to retaliate in the form of DDOS attacks.
It sucks, but we shouldn’t let them bully us. Instead, we can go to https://sh.itjust.works/c/lemmyworld@lemmy.world and… hey look, bringing down Lemmy.world temporarily doesn’t actually stop us from talking or sharing our posts?
They’re relying upon the fact that people are “used to” going to https://lemmy.world and don’t know that every single member of the federation (sh.itjust.works, lemmy.ca, etc. etc. etc.) all serve as backups to Lemmy.world proper. The posts nor server is ever really down.
It’s called “kids on vacation”. Unless they’re getting paid.
Having free time makes you a loser?
No, spending your free time shitting on other people’s efforts for no reason makes you a loser. Doing it anonymously from the shadows (so to speak) doubly so.
If I was an engineer with a knowledge to ddos attack or hacking a server, I wouldn’t do it just for shitting on something or on particular person. I would do it to gain personal information or for money something.
No, but wilful misunderstanding does.
I couldnt care less. You provide a great forum at no charge to me. I thank yoy for your contribution to discourse, communication with the community, and look forward to the growth of lemmy.world
Thanks for being so transparent with us. Lemmy really does feel like home now to me. I wish the maintainers all the best as they continue to fight the forces of evil.
Reddit was down a lot too, and they stuck ads in my face. It’s not like I have a pacemaker that needs Lenny.world to be up in order to function. Keep up the good work and I hope whoever is behind the attacks steps on a Lego.
Thank you for your work 🫡
usually my reaction when a website I visit daily goes down is to probably visit that website less or think the backend team behind it is lazy. but when lemmy.world goes down or is under attack, I sympathize and just open it when it’s back up. y’all prove that you’re hardworking by providing clear communication and explanation on what’s happening everytime. shout out lemmy team, you deserve the world!!
Have you guys tried NOT getting attacked? Might work.
Seriously, thanks for all your effort!
Great stuff, thank you for all the good work.
btw, as a tip: please resize https://lemmy.world/pictrs/image/14f857e5-703a-4513-9c1a-f23031675be1.png in an image editor. It’s on the homepage, and it’s a frikking 4.5 megabyte image file.
