Good News

Most of these ‘attacks’ are targeted at the database

A major PostgreSQL performance issue, logic mistake, was discovered today in lemmy_server and is an easy fix. Details: https://lemmy.world/post/2008987

I hope people share the positive hits of CSAM and see how widespread the problem is...

DRAMTIC EDIT: the records lemmy_safety_local_storage.py identifies, not the images! @bamboo@lemmy.blahaj.zone seems to think it "sounds like" I am ACTIVELY encouraging the spreading of child pornography images... NO! I mean audit files, such as timestamps, the account that uploaded, etc. Once you have the timestamp, the nginx logs from a lemmy server should help identify the IP address.

yha, what do people think the FBI is for... this isn't crazy. They can get access to ISP logs, VPN provider logs, etc.

the comment_like database table in Lemmy also has a timestamp on it, "published" field, that discloses what time you voted. This reveals patterns of your Lemmy usage to other federated servers.

Good to see a heavy production server taking on the scaling issues. Thank you! To discuss Lemmy performance issues, there is a dedicated community: !lemmyperformance@lemmy.ml

It's a variety of topics I find denial of reality to be increasing. Climate change science, including the history of how long ago people like Carl Sagan made it a widespread topic. Medical science with pandemics, nonsensical views on how vaccines work. Wild views about how windmills work and interact with the environment.

It is not even a mistake, it's some pretty mind-fucked up on part of @bamboo@lemmy.blahaj.zone to jump to such a conclusion. crap

Once Elon Musk returns him to Twitter, we will have the "bar and grill of all the world's journalist" for the past 15 years become a black hole of old news story history. The symbolic tactics that are under play are massive. Reality has been rejected on a massive scale via electric media.... Dans un sens, c'est le système entier qui, par sa fragilité interne, prête main-forte à l'action initiale. Plus le système se concentre mondialement, ne constituant à la limite qu'un seul réseau

Trump followers can't even see how the former mayor of NYC has lost his mind. They meet at 4 seasons gardening.

and avoiding link rot

Lemmy seems built to destroy information, rot links. Unlike Reddit has been for 15 years, when a person deletes their account Lemmy removes all posts and comments, creating a black hole.

Not only are the comments disappeared from the person who deleted their account, all the comments made by other users disappear on those posts and comments.

Right now, a single user just deleting one comment results in the entire branch of comment replies to just disappear.

Installing an instance was done pretty quickly... over 1000 new instances went online in June because of the Reddit API change. But once that instance goes offline, all the communities hosted there are orphaned and no cleanup code really exists to salvage any of it - because the whole system was built around deleting comments and posts - and deleting an instance is pretty much a purging of everything they ever created in the minds of the designers.

I've found there is a culture within Lemmy developers and long-time operators to discuss in Discord or Matrix chat instead of "eating their own dogfood" and using Lemmy itself to openly discuss Lemmy technical and project issues. These chat services are legendary for keeping things away from search engines and newcomers getting up to speed. Lemmy itself isn't nearly as search-engine friendly as Reddit was traditionally, it seems like feedback needs to be given as to how important it is to keep things about Lemmy in the eyes of those who actually use Lemmy...

The bugs in Lemmy are such that you don't even need to touch a server for it to be vulnerable. Cloudflare does not defend against such mistakes. Other servers can trigger deep PostgreSQL logic problems within Lemmy. Growing pains, a lot of the federation code was never tested, and today's crash is due to a logic issue with lemmy_server mistakenly updating 1700 servers it knows of through federation for a delete instead of the 1 local server.

Your home instance will act as a proxy and only they have access to your email and IP address.

Your home image typically doesn't proxy image loading, those are hotlinked to the Lemmy server that the image was uploaded to. So your IP address and browser string are going to other Lemmy servers.

CSAM (Child Sexual Assault Material) posts

The federal governments of several nations should be in pursuit of this, and IP addresses and specific time logs shared.

Yes, I installed a Lemmy server my own self, there is no screening, approval, or even a "terms of use" on the signup page. This is the "wild west" of social media. And some of the claims on the GitHub project page such as "full delete" are an overreach, as it has no footnote that federated servers do not have to comply with the delete of your replicated votes/comments/posts/profile

Yes. odd how people think sharing CSAM is why people would post here, instead of actually tracking down and prosecuting those sharing CSAM. Details about the users who sharedl CSAM content, such as timestamps - would help identify the offenders for prosecution.

Sell-out for upvotes

Conservatives aim to restructure U.S. government and replace it with Trump's vision

Give me a break! Can people really not connect the dots of a very obvious time-line?

1. June 16, 2013, during the Miss USA 2013 pageant in Las Vegas, Donald Trump, owner of the Miss Universe Organization, and Miss Universe 2012 Olivia Culpo announced that the Miss Universe 2013 pageant will take place in Moscow, Russia on November 9, 2013.

2. June 18, 2013 - Trump on Twitter praising Putin as his best friend, BFF. evidence: https://www.hollywoodreporter.com/news/politics-news/donald-trumps-tweet-best-friend-939986/

3. 2013 is when the Saint Petersburg social media troll army was already online. Notable, the same Twitter that Trump is posting on June 18... evidence: https://www.buzzfeednews.com/article/maxseddon/documents-show-how-russias-troll-army-hit-america

4. November 9, 2013 - Trump is on Twitter saying he is in Moscow: https://twitter.com/realDonaldTrump/status/399171340042661889

5. December 14, 2013 - Putin holds his annual "state of the union" address in Moscow and announces a new movement of global domination via "conservative values". evidence: https://www.theatlantic.com/international/archive/2013/12/vladimir-putin-conservative-icon/282572/

6. February 20, 2014 - Putin orders Russia to invade Ukraine. https://en.wikipedia.org/wiki/Annexation_of_Crimea_by_the_Russian_Federation

.

Not even getting in the August 24, 2018 announcement by academics that Russia has seeded a pandemic response among the population with the troll army that went online in 2013 (#3 above).

And 2018, and February 22, 2022 ... 2nd invasion of Ukraine response.... https://www.vox.com/policy-and-politics/2018/8/6/17656996/trump-republican-party-russia-rather-democrat-ohio

As far as I'm concerned, Russia is unstoppable. Nothing has reversed the trend that started over 10 years ago, and people think it is a domestic issue without understanding/learning one fact of how it played out... Oh my God, I'm so Happy!

yha, it said "effectively defedarated" - anyway, I edited out the words entirely so there isn't any more confusion.

4.34K votes, 282 comments. A vote bot army going on?

It sounds like you’re encouraging people to share CSAM images found, which is obviously not the intent of this tool.

Yes, that is in fact the context.

Context: "which is obviously not the intent of this tool. "

it is not my intent to share the images, nor is it the context of the tool.. Sharing details about the users, timestamps - would be the obvious context.

he’s popular as a speaker for a reason

I think he has a natural talent to listen to what gets a rise out of people, what gets a reaction, and then copy that in his own way. What he says, once transcribed to written form, is often not very intelligent. It's his mannerism and even his unique makeup and hair - that people listen to far more than his actual meaning. I find people who think Trump is a great person often have serious difficulty interpreting and understanding hard sciences like chemistry and physics... and are influenced by advertising techniques in particular ways.

example?

EDIT: Ok, I see a lemmy.ml created a post: https://lemmy.world/post/2463337
So far, I can't find any new content on lemmy.ml from .world

When the browser loads that URL, hotlinked image, that server has to have your IP address to return the results. Just browsing posts those images are being loaded.

lemmy.ml is back online!

But lemmy.world should primarily communicate via lemmy imo…

I find the same attitude holds for developers who like to hang out in real-time Matrix chat and don't seem to use Lemmy itself very much and things like code blocks ruining greater-than and less-than slip right into release without much concern.

Lemmy.world is now responding some at least, and some of the comments from remote servers came into this posting just now.

It's sad that we don't teach the history of symbolism / society media consumption patterns. Multimedia presentation of Fox News is way more televangelism than a dusty old book named The Bible. We just let advertising and marketing media act upon the population and people behave as if there are no side-effects or conflicting influence systems. We could educate everyone on the world-wide patterns of this and the history, but we do not. We behave somehow as if the Middle East / Levant is a role model of people fighting it out over their favorite story patterns.

I had to look it up... British

Although these days I'm finding I don't recall as much as I used to, I might have known about it in my past.

July 30 comments when from 7.1 million to 9.9 million. In a single day?

They think that they can create an authoritative system and rules that will bring people in line

Sometimes it just seems that they were raised on authoritative media (including the TV news and radio they admire). First, the Levant stories about voices from the sky and burning bushes. Then Trump is famous for his TV personality of "you're fired!" commandments. Rick Roderick's 1990's descriptions help me with the words: "And on a Freudian account, it’s not accidental that that’s the time you reach out for large and invisible fathers to protect you… and mothers. And you know what, that’s elegant suspicion. It is not an argument; it’s an elegant suspicion. In fact when you look at the iconic significance of churches, you know the Father, the Son, the Holy Ghost, the family values stuff, you know… I mean, I hate to sound cynical, but as Freud says, they whole thing is so patently infantile. So obviously infantile, that to anyone with the love of humanity it’s just sad to think that most people will never rise above this view of life."

This isn't shitpost material, this is reality of how the human mind works, and www.thisman.org that you linked is another example of the human brain works. This s the very meaning of 'Demon-Haunted World', where people compulsively flock and put their faith into someone without scrutinizing the actions the person or system is taking. People read a book and say they personally know Jesus... if you haven't met such a person in your lifetime if you have lived in North America, I'd be surprised.

This isn't shitpost material, this is the nightmare of reality that's trending towards self-destruction. Since 2014 crowds have been flocking to icons and symbols of things that are objectively bad.

Ok, I've got it wrong, you said hundreds, this is a shitpost.

Edit still see some performance issues. Needs more troubleshooting

Federation overheard is putting a lot of load on servers. Creating one task for every single post, comment, and vote in RAM-only queue.... pending changes: https://github.com/LemmyNet/lemmy/pull/3466

My main Lemmy.ml account comment isn't properly federating over to lemmy.world, so I'm duplicating my reply on my alt-account:

Cool. SvelteKit is ideal for this.

Can you move the server name to an .env variable so I don't have to run a sed? sharing my sed:

find src/ -type f | xargs sed -i 's/lemmy\.world/enterprise.lemmy.ml/g'

FYI, there is a double https:// on page https://github.com/ando818/lemmy-ui-svelte/blob/main/src/lib/lemmyclient.js

On desktop browser, I'm getting a '500 internal error' on the /r/post/xxx route, but not sure why. The console isn't showing anything. The page.server.js seems to get the JSON fine from the API, but the .svelte file in that route is failing.

My lemmy server is also running the same versions are you are now. I was getting timeouts with lemmy.world federation so I recompiled lemmy_server with timeout changes:

diff --git a/crates/utils/src/lib.rs b/crates/utils/src/lib.rs
index e5d07db2c..e2c592d82 100644
--- a/crates/utils/src/lib.rs
+++ b/crates/utils/src/lib.rs
@@ -18,7 +18,7 @@ use std::time::Duration;

 pub type ConnectionId = usize;

-pub const REQWEST_TIMEOUT: Duration = Duration::from_secs(10);
+pub const REQWEST_TIMEOUT: Duration = Duration::from_secs(13);

 #[macro_export]
 macro_rules! location_info {
diff --git a/src/lib.rs b/src/lib.rs
index cc77ca48f..45c621a7c 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -37,7 +37,7 @@ use tracing_subscriber::{filter::Targets, layer::SubscriberExt, Layer, Registry}
 use url::Url;

 /// Max timeout for http requests
-pub(crate) const REQWEST_TIMEOUT: Duration = Duration::from_secs(10);
+pub(crate) const REQWEST_TIMEOUT: Duration = Duration::from_secs(16);

 /// Placing the main function in lib.rs allows other crates to import it and embed Lemmy
 pub async fn start_lemmy_server() -> Result<(), LemmyError> {

Federation protocol implementation is poorly optimized, it does SQL lookup for the person every incoming post/comment/like, checks the community if they are banned, all of this with zero caching. HTTP outbound is also very simple design that only now some logic to detect dead peer servers is being added, etc.

It is back up

@ruud@lemmy.world and @sunaurus@lemm.ee

I added some self-awareness of concurrency to the Lemmy API Rust logic: https://github.com/LemmyNet/lemmy/pull/3805/files - this should allow a more standard in-band response to concurrency slow-response server overloads. Keywords ('woodstocksnoopy' as watchdog, and even more alarming keyworld to find in your logs: 'SITE_OVERLOAD') were added to the logging to make it explicit when this is happening.

@sunaurus@lemm.ee

they are called communities here

I think timestamps of files would be one of the easier things, and try to track back to postings and comments that references the upload... ideally the logged-in account (which is the standard install of lemmy, only logged-in users can upload to pictrs)

There is a pattern of retries built into the code, but syncing has no ability to repair failures, and there have been hand-documented cases where even with retries, there is significant data loss: https://github.com/LemmyNet/lemmy/issues/3101