I think lemmy.ml has more posts, comments, likes in the database due to historic reasons - and the backend is timing out, PostgreSQL not keeping up to application timeout. I have seen the problem on Beehaw, Lemmy.world when they are busy and throwing nginx 500 errors on their front page.
Wonder if I can finally sub to lemmy.ml communities…
From my remote instance, I've been subbing to lemmy.ml communuites about every 2 or 3 minutes, and it just now started to jam up. I'm speculating that the server restart fixed the problem for the first hour or so, but now it's back. Open GitHub Issue: https://github.com/LemmyNet/lemmy/issues/3101
Federation is having rather significant reliability problems right now. Every single like and comment gets sent one at a time to each server, and there are some timing issues in the protocol.
It is only cosmetic if the community is already replicating between the two server instances. If you are on a mostly-empty (new) Lemmy server, then it is more serious and the actual flow of new postings and comments won't happen.
On a major site like Lemmy.world you likely aren't the very first to try and join a particular remote community, so it may only seem cosmetic.
So it seems the issue is intermittent, as other comments have testified. Still might be a problem worth addressing.
But it is a real issue. The regular 'nginx 500' errors on lemmy.ml and other instances are a problem that is impacting federaton, not just webapp clients.
Lemmy federation, server to server, is having a number of problems. Comments and postings aren't always getting copied over to all the servers who have subscribers. For over a week, Lemmy.ml has had regular nginx 500 error codes on the front page, sometimes you have to refresh 3 or 4 times to get a page to load.
Growing pains.
When subscribing to communities it occasionally says “Subscribe Pending”
Your Public IP won't change, but the different databases guessing where that is, interpretation changes.
It was coincidence that they had similar names, I went through the first 5 ot 6 I found on a Google Search and picked two that had different actual information.
With the same IP, the first site thinks I am 2 states away in the USA (1300 miles wrong), the 2nd site shows exactly where I am. Almost all the sites show me 2 states away, but iplocation.com must have had someone identify the hotel I am at.
At this point, raise awareness that it isn't like a major identifiable social media site who has a reputation to worry about. Right now, anyone can create a Lemmy instance and join the federation, there is no approval or application process.
Don’t providers use NAT systems so the public IP you see is not actually the one assigned to someone’s “house”?
Typically NAT ends at the building. So a coffee shop it is going to use private addresses for every person on WiFi inside the coffee shop, but the servers are still going to get the single IP address of that building.
If you use a VPN, the analysis of timestamp probability in logs is still going to reveal that you are likely the user who made x comment at y time. Another lemmy instance you never signed up at can start to look in logs for your comment id: #734995 and cross-reference it to image loading.
This isn't about a firewall. This is about some image hoster figuring out and keeping records of your usage times, location tracking, for your account that comments and posts.
Lemmy is at a point where typical new-user sign-up had no terms of service, privacy policy, cookie policy - people need to understand that this is not a hardened and mature platform. There could be a lot of things that people didn't expect - that a major corporation like Reddit or Twitter would be scrutinized more closely over.
Now that is purely passive, just data collection from routine serving of images.
A rogue site could start serving crafted images to confuse users or cause NSFW content to appear on all other Lemmy sites where users were browsing a meme.
When you have small-time image hosts being used by the dozens, they likely aren't as worried about their reputation being burned by pranks like this.
Lemmy development really needs another couple weeks or a month. There are over 100 instances peering and it's really pushing the database systems hard with the 100,000 users already. Database tuning and query optimization in the code is the order of the day. I also think some of the new front-end apps for web and smartphones would help.
The developers did respond and basically said that the config can be derived by federation and other aspects, so they don't consider it a significant security risk. It doesn't seem to allow writing of changes unless an admin, so I guess it is what it is for now. It is mentioned on Github and in the forums now, so others can raise the issue if they thing it is serious.
I actually didn't bother setting up email, I'm trying to hack on the code and get some of the database tuning done and I thought there needs to be some better way to sign-up and notify new users. But I can try to help you, I do know a lot about email. I'll warn you that spam filters probably won't like Lemmy instances, email is a battleground with hosting providers.
I didn't setup images, did that really run as root? I thought it would have been running under the lemmy user account, but I I don't know.
Don't be afraid to ping me if you need help.
They have fixed some of the install issues based on our feedback, co new server setups won't be as difficult. And I do want to try and edit the documentation on 'from scratch' for them to make it more consistent (the lemmy_server I think should also be done from git checkout on a 'from scratch' and a few other changes in toe docs).
I think lemmy.ml has more posts, comments, likes in the database due to historic reasons - and the backend is timing out, PostgreSQL not keeping up to application timeout. I have seen the problem on Beehaw, Lemmy.world when they are busy and throwing nginx 500 errors on their front page.