Slrpnk instance is down till mid July; they might relaunch their server on piefed.
Technology
87
Beiträge
55
Kommentatoren
0
Aufrufe
-
It's not just native Apps. Alternative web UIs like Thunder, Photon and Voyager need them too.
yes, but those frontends are typically tied closer to the backend than a public API.
things like CSRF can help block abuse of the back end.
-
yes, but those frontends are typically tied closer to the backend than a public API.
things like CSRF can help block abuse of the back end.
Nope they all use the public API. Even the default Lemmy web client.
-
That sucks.
-
It wouldn’t be meme-worthy were it lossless.
Is this loss dot jaypeg
-
After a month and a half downtime all the users will have moved on to other instances. This is essentially a death sentence for the instance and its communities.
I dont think it will be. I've had two accounts for a while to deal with unexpected issues & will happily return to my slrpnk account once it's back up and running
Plus for the communities, people who were subscribed to them before will likely stay subscribed & once the instance is back up the posts will be in their feeds without an issue.
Being able to accommodate issues like this is one of the major upsides to a decentralized platform.
-
What is so special about piefed? I see a few communities moving there. The interface looks different from the original lemmy interface.
-
Slrpnk.net admin here.
The failure seems to have been in the main firewall, if it had been the server itself we could have easily restored it on another server from the backups on another machine. But as it stands, remote access is entirely cut off.
There usually is another person with hardware access, but they are on summer holidays. This seemed like an acceptable risk at the time...
An off-site backup would have been nice of course, but due to the costs involved in running an Lemmy instance of that size on a rented server, it would have not been a great option either.
I have plans to add a KVM to the main firewall via a secondary connection, but even that might have not helped in this case. I'll know more when I have physical access again.
I've done a lot of SysAdmin and DCOps stuff in the past so, thought I'd give you some plausible suggestions (haven't dug deep into Lemmy DB stuff and DNS/Federation of the stack, so not sure all is practical).
Scenario 1 - Preserve and merge when access is restored
Setup
- Spin up two VMs/VPS (or one that has enough grunt for two Lemmy servers). Call them
robak.slrpnk.netandslrpnk.netand point DNS appropriately. - Pull federated content from other instances and place it on robak, set as read-only.
- Sync important comms to (new) slrpnk.net without content.
- Allow users to sign up, vetting as possible (all mods). Keep a list of those that are vetted (call it vetted.list). Inform all users that any non-vetted users will have their content dropped when access is restored.
Merge!
- Once access is restored, ensure that (old) slrpnk.net is set to read-only.
- Schedule a maintenance window (announce more time than you are likely to need).
- During the maintenance window, put (new) slrpnk.net into R/O, or just block external access.
- Query the db on (old) slrpnk.net for all users.
- Subtract the vetted users from vetted.list from the list.
- Drop all records from the resulting list of non-vetted users from (new) slrpnk.net.
- Insert the records from vetted and new users (those without conflicts) into the DB on (old) slrpnk.net.
- Validate that everything is working
- Cut over DNS and spin down the new VMs/VPS.
Scenario 2 - Server is in DC or Admin able to facilitate access
- Get a db dump/backup.
- Spin up temporary slrpnk.net on a VM/VPS.
- Use backup of temporary server to restore data to original, when possible.
- Spin up two VMs/VPS (or one that has enough grunt for two Lemmy servers). Call them
-
It's clearly "slurp nook," that nook where you can go to slurp soup as loudly as you want without being judged.
Makes most sense
-
Don't pull a feddit.de on people, alright?
What exactly happened there? It was the big thing, then I didn't use it for a month or so and then it was gone.
-
Nope they all use the public API. Even the default Lemmy web client.
well that's poor planning and why bots are such a problem.
I know CSRF tokens aren't a silver bullet, but doing nothing to stop them does nothing to stop them.
-
What is so special about piefed? I see a few communities moving there. The interface looks different from the original lemmy interface.
Well, you can add flairs
-
What exactly happened there? It was the big thing, then I didn't use it for a month or so and then it was gone.
The admin basically ran it as a one man show with only one other admin who had very limited privileges.
He then went on a "business trip" or workaction or longterm vacation - there were different stories.
Anyway, the database went belly up, the other admin couldn't do a thing and none could contact the admin.
There are some rumours that he wasn't who he claimed he was and actually was a Chinese national who simply returned home, but who knows that.
As a matter of fact none had any meaningful contact with him for months then and it appears he did not return. (But is alive)A Austrian NGO who amongst others does host some mastodon instances,etc. took over and now feddit.org is on a very productive, professional and transparent level.
-
Slrpnk.net admin here.
The failure seems to have been in the main firewall, if it had been the server itself we could have easily restored it on another server from the backups on another machine. But as it stands, remote access is entirely cut off.
There usually is another person with hardware access, but they are on summer holidays. This seemed like an acceptable risk at the time...
An off-site backup would have been nice of course, but due to the costs involved in running an Lemmy instance of that size on a rented server, it would have not been a great option either.
I have plans to add a KVM to the main firewall via a secondary connection, but even that might have not helped in this case. I'll know more when I have physical access again.
Appreciate the answer and the detail. Good luck getting it all resolved.
-
The admin basically ran it as a one man show with only one other admin who had very limited privileges.
He then went on a "business trip" or workaction or longterm vacation - there were different stories.
Anyway, the database went belly up, the other admin couldn't do a thing and none could contact the admin.
There are some rumours that he wasn't who he claimed he was and actually was a Chinese national who simply returned home, but who knows that.
As a matter of fact none had any meaningful contact with him for months then and it appears he did not return. (But is alive)A Austrian NGO who amongst others does host some mastodon instances,etc. took over and now feddit.org is on a very productive, professional and transparent level.
Thanks for the summary! That sounds freaky!
Well, the trade-off between trusting a huge corporation or a single dude on the internet.
-
What is so special about piefed? I see a few communities moving there. The interface looks different from the original lemmy interface.
Our sysadmin explained some technical advantages here: https://feddit.org/post/13613230/7063696
-
You underestimate the userbase. I made a temp account in the mean time, but we are a hyper tight knit community. We will probably lose accounts - no question - but the core userbase will return
Count me in! Slrpnks all the way!
-
Thanks for the summary! That sounds freaky!
Well, the trade-off between trusting a huge corporation or a single dude on the internet.
XKCD #2347
-
Our sysadmin explained some technical advantages here: https://feddit.org/post/13613230/7063696
Postgres slowing factor
I'm pretty sure one of the best optimised free/libre DBMS's is faster than Python
EDIT: skimmed it wrongly, see corrections below
Also no one know how Piefed scales, since it only has like 350 MAU
-
Postgres slowing factor
I'm pretty sure one of the best optimised free/libre DBMS's is faster than PythonEDIT: skimmed it wrongly, see corrections below
Also no one know how Piefed scales, since it only has like 350 MAU
Piefed also uses PostgreSQL. He was mentioning that the limiting factor on either platform is the DB, meaning that the parts written in Python will likely not be a limiting factor.
Piefed also has quite impressive optimizations in other areas as well compared to Lemmy or even Mbin.
-
well that's poor planning and why bots are such a problem.
I know CSRF tokens aren't a silver bullet, but doing nothing to stop them does nothing to stop them.
CSRF protection is a security feature not bot prevention. A bot would just need to get a token first.
