Lemmy World outages
Lemmy World outages
Hello there!
It has been a while since our last update, but it's about time to address the elephant in the room: downtimes. Lemmy.World has been having multiple downtimes a day for quite a while now. And we want to take the time to address some of the concerns and misconceptions that have been spread in chatrooms, memes and various comments in Lemmy communities.
So let's go over some of these misconceptions together.
"Lemmy.World is too big and that is bad for the fediverse".
While one thing is true, we are the biggest Lemmy instance, we are far from the biggest in the Fediverse. If you want actual numbers you can have a look here: https://fedidb.org/network
The entire Lemmy fediverse is still in its infancy and even though we don't like to compare ourselves to Reddit it gives you something comparable. The entire amount of Lemmy users on all instances combined is currently 444,876 which is still nothing compared to a medium sized subreddit. There are some points that can be made that it is better to spread the load of users and communities across other instances, but let us make it clear that this is not a technical problem.
And even in a decentralised system, there will always be bigger and smaller blocks within; such would be the nature of any platform looking to be shaped by its members.
"Lemmy.World should close down registrations"
Lemmy.World is being linked in a number of Reddit subreddits and in Lemmy apps. Imagine if new users land here and they have no way to sign up. We have to assume that most new users have no information on how the Fediverse works and making them read a full page of what's what would scare a lot of those people off. They probably wouldn't even take the time to read why registrations would be closed, move on and not join the Fediverse at all. What we want to do, however, is inform the users before they sign up, without closing registrations. The option is already built into Lemmy but only available on Lemmy.ml - so a ticket was created with the development team to make these available to other instance Admins. Here is the post on Lemmy Github.
Which brings us to the third point:
"Lemmy.World can not handle the load, that's why the server is down all the time"
This is simply not true. There are no financial issues to upgrade the hardware, should that be required; but that is not the solution to this problem.
The problem is that for a couple of hours every day we are under a DDOS attack. It's a never-ending game of whack-a-mole where we close one attack vector and they'll start using another one. Without going too much into detail and expose too much, there are some very 'expensive' sql queries in Lemmy - actions or features that take up seconds instead of milliseconds to execute. And by by executing them by the thousand a minute you can overload the database server.
So who is attacking us? One thing that is clear is that those responsible of these attacks know the ins and outs of Lemmy. They know which database requests are the most taxing and they are always quick to find another as soon as we close one off. That's one of the only things we know for sure about our attackers. Being the biggest instance and having defederated with a couple of instances has made us a target.
"Why do they need another sysop who works for free"
Everyone involved with LW works as a volunteer. The money that is donated goes to operational costs only - so hardware and infrastructure. And while we understand that working as a volunteer is not for everyone, nobody is forcing anyone to do anything. As a volunteer you decide how much of your free time you are willing to spend on this project, a service that is also being provided for free.
We will leave this thread pinned locally for a while and we will try to reply to genuine questions or concerns as soon as we can.
Thanks for being so transparent with us. Lemmy really does feel like home now to me. I wish the maintainers all the best as they continue to fight the forces of evil.
Great stuff, thank you for all the good work.
btw, as a tip: please resize https://lemmy.world/pictrs/image/14f857e5-703a-4513-9c1a-f23031675be1.png in an image editor. It's on the homepage, and it's a frikking 4.5 megabyte image file.
If you think it might help I've got a bit of a hack I've used in the past to cache a sql database in a compressed ramdisk using zram and bcache. Imagine stuffing a 50G DB into 20G of memory.
It won't fix the inefficient SQL queries but it would make it so frequently accessed tables get cached in a ram disk cutting query time significantly.
This might be enough to reduce the impact of these attacks until queries can be optimized.
This assumes your database isn't running on something like RDS though.
Thank you for the update. Good work.
Take your time bros I don't need this shit 24/7 the downtime is fine and expected
I’m imagining spez is sending his flying monkeys and they’ve been trying to shut it all down. Doesn’t matter that you’re smaller than Reddit, Egos like spez’s can’t take even a minor rumble. Just look at how he has to ‘win’ against all his own users. Should tell you all you need to know on his motives.
Thank you for everything you do. You guys are doing a fantastic job, and a lot of us sincerely appreciate all your efforts!
Thanks for the transparency and the update! Downtime to me is useful, it prevents me from using Lemmy too much.
Thank you for your hard work
Thank you for your time & efforts in maintaining this platform. I (and many others I'm sure) have great respect for the work you do in trying to combat this menace. The community is completely behind you and appreciates the value of this resource.
Very grateful for your focus and dedication. Bummer about the DDOS bullshit. Your efforts mean a lot to the communities.
You're managing this well. Good work folks.
Well thanks for the update and your hard work. I am currently using lemm.ee as a backup account so that I can at least have my fix.
Hope the bastard(s) who are ddossing the server get some nice tropical diseases.
Lemmy.world also was my first step into the fediverse.
appreciate the transparency!
Endless DDOS attacks. Sigh.
What I find most ridiculous about people claiming lemmy.world is too big and therefore bad for the Fediverse is simply... Have you people wondered why it got so big?
During the crucial first weeks of the Reddit migration, the single time period with the most chance of bringing new users, pretty much all larger Lemmy instances closed their registrations - they couldn't handle the influx. Other big ones decided to immediately defederate everybody, they were afraid of having to moderate content. And a few did remain open and federated, but they were also extremely niche and focused on their own political side of the spectrum.
Lemmy.world however remained open, remained with active admins that helped the first moderators, and kept upgrading the server at a very fast rate - you might forget it now, but Lemmy was massively slow and frustrating and then a new Lemmy.world update would drop and it would feel like a different website.
So yeah, "bad for the Fediverse" for being the only instance that kept up with the demand at the most necessary time.
Thanks Lemmy.world team.
keep fighting the good fight <3
keep up the good work team; you're the linchpin to this renaissance
Are DDoS protection services like those from Akamai, Arbor Networks, Link22 etc an option? Those are tested as ok by the German Federal Office for Information Security.
keep up the good work
The conversation gets a bit scrambled/broken up by disruptive/toxic people but this is a comment chain on lemmy.ml two weeks ago about SQL issues and challenges in getting the Lemmy Dev team to address them that might be worth reading:
This has been pinned a few days now. Site health was pretty dire with several long outages.
But subjectively in the last 48 hours things seem to be great. Noticeably responsive and login and activities haven't missed a beat.
StatusPage.io still looks very red though... Is the worst now mitigated?
Thanks to the stirling admins (and friends) for their work on this. Vive la Lemmy.World!
Appreciate it
Thank you for all the works you do!
All support to Y'all, Keep Going!
🙏 🙌
Are you guys using a load balancer at all? How about a tool like CrowdSec?
I use that and the nginx Bad Bot Blocker to stop malicious shits on the sites I operate (medium-large e-commerce) to great success. We used to get scraped heavily by competitors but now they get the middle finger.
I presume you have fail2ban too?
The Great Lemmy Wars
Is there any update on the instances that were unintentionally defederated from lemmy.world? I know that one of the fanaticus.social admins was trying to get that sorted out.
Nam flashbacks to DALNet getting DDOSed to death for no reason
In all seriousness, we all appreciate your work. These are the growing pains that are to be expected, and your hard work and transparency (and writing it up at a level that even I can understand) is welcome.
I think I initially signed up on your instance and then figured it out, signed up for a more local instance but then figured I made a mistake and ended up where I am.
Thank you again for being available to let me through the door. Once I figured out that there's lots of doors, it was much better.
Lemmy.world will always be a special place and you and anyone who volunteers for work hare is fuckin awesome. Thanks again ♥️
I would love to see this grow to the point where a full time sysadmin could be hired! Would need a lot of subscribers though
Im a data engineer with 20+ years of experience in sql and various databases, I do performance tuning on daily basis. How can I help? Please message me if you think you can use me. Id be very happy to help where I can!
Ironic that they're effectively proving that you were right to not trust them...
Will these occur in the near-future?
Permanently Deleted
a better solution is to decouple the query from individual api requests by adding a caching layer. we’ll get there eventually
I have nothing bad to say about Lemmy.world, but I do recommend that people move away from it in order to better decentralize Lemmy. Here is some useful information for people wanting to move instances.
For a list of instances, along with with stats for those instances:
https://fedidb.org/software/lemmy or https://lemmyverse.net/
Also, tools for migrating instances:
https://github.com/CMahaff/lasim (easy) - Latest Version Download (just select your OS type and run the program)
I think it would be good to not close registration and if once a month or something there could be a post by admins about migrating to smaller instances (this is made easy with the LASIM tool) so new users can easily sign up with no hurdle but we also prevent too much centralization.
Interesting your comparison with "imagine if a new user got to the page and couldn't sign up" - honestly, that's what they're faced with now regardless of closing off sign ups.
You say being able to handle the load is not an issue - I understand that on a technical level, but at the same time, you can't handle the load currently with the level of ddos attacks. That much is fact.
I know it's hard to catch these fuckers and close exploits quickly, but let's be honest here so far the methods have failed on LW's part. These are 2010 levels of downtime.
Did you not read the post?
I hope you reported this to the FBI so they can investigate this group, all too often you find people who commit cyber attacks and are never prosecuted for their crime because no one filed a report. With any luck they'll get a lengthy prison sentence and learn what the real world is like outside of the digital realm scrubbing toilets with a toothbrush.
The DDOS attacks are still going on? Why is the server unstable?
Question, can we configure the nginx to return cached responses for all non-logged in queries for predetermined periods of time? (1min for example?)
You just answered your own question? Lmao
Any de-federated instance doesn't have the money or resources to start DDOS attacks. You know who does? Large corporations who feel attacked at the very existence of large platforms such as lemmy.world.
Who do we know with those resources, funding, knowledge of software (in general, as well as able to place specific people to learn about certain FOSS projects that have their code available), and the desire to spend such resources?
You know it's Reddit Co, we know it's Reddit Co. They know they're doing it too.
Fuck Spez and his bullshit army. I hope they can sleep well in their suburban McMansions while they sell out their future.
Conspiracy is one thing, this is just obvious.
Are you serious rn?
Being the biggest instance and having defederated with a couple of instances has made us a target.
Hexbear was down too... but I guess the spectre haunting Lemmy is too scary to allow you to imagine any other culprit
Answered your own question before you even asked it 🤦
Ah no, sorry, while I sympathise with your technical issues, the rest of your post is disingenuous at best.
Lemmy.world being too big is bad for Lemmy as a product/software/"brand" etc - your downtime, being the instance most people link to, is a LOT of people's first impression and when it spends time being down, people associate THAT downtime with Lemmy, and not the hundreds of other instances that don't have downtime.
The issue isn't even about you being the biggest instance, its the absolute imbalance in both users and communities on one instance and you willingly allowing it continue. If you genuinely cared about Lemmy, you would close registrations now.
You have enough "technical" people to build your own instance from the source code with that change for the banner built in (and you could go ahead and submit the PR/Issue anyway), but you haven't - instead placing the blame on the developers. Hell, you only made the PR 5 hours ago after weeks of other admins asking you to close the instance.
You could even make the simple change to the sign up link instead lead to join-lemmy, but for whatever reason you want to continue to be the biggest instance and don't care about the wider lemmy ecosystem and the effect that it has.
I could not login for a week lol. I tried 1 or 2 attempts a day and it was down. "Fuck this lemmy sucks" and I installed Boost again. Took a couple of days to see whats changed on Reddit and now I have both!
