This is just fucking weird, tell me I am not the only one feeling weird how the fascists decided to migrate to Lemmy of all places.
hate is when you are mean to cis gendered white hetro men
Lemmy is not an inherently left wing project. the fediverse in general has a lot of fash too who want to be able to be even more openly nazi without reprisal
Lemmy is an inherently left wing project. The developer is a communist and built in a slur filter built in, but the nature of FOSS is that anyone can use and change it.
yeah, it's foss. like the lead dev can do w/e, any forks of lemmy made by nazis is still lemmy. same with the trump mastodon instance and ect, that's what a lot of the fediverse is like
Sigh, I'd hoped this was not the case but freedom for fascists ends up being an unfortunate by product always
you could technically put some stuff in the licence about ih you can't use this for reactionary means. but like, who the fuck pays attention to the licence and these fash instances love to play whack a mole and keep popping back up
You can put anything you want in a license, but if there is no capitalist interest involved then good luck having it enforced.
They're anti-communist yet are forced to use tools created by communists, curious. :very-intelligent:
Important distinction: Lemmy as a software project is not inherently left wing, but the core devs and admins are indeed communists. Fascists are going to use the source code either way, but those core devs and admins control the most active instances and set major cultural norms on those instances. They also control which instances get blocked from the flagships. And if they get popular enough that corporations attempt to coop their projects, they will be able to resist that cooption on a principled basis.
I also think there’s potential to add features which make the platform more difficult to monetize and more useful for its users in the context of self-organization
I think that's the job of the server configuration, not the application.
Can you go a little more in depth? I'm curious because I'm studying web development.
Oh sure! This is a bit of an oversimplification but:
A DDoS is specifically crafted traffic that intends to cause problems (taking the site offline usually)
A web application will generally have 3 main components: the application server(s), the database, and the load balancer (or other configuration for routing requests between the application server and the end user. Any of them can be the bottleneck for load problems.
You identified problems that are mitigated with different infrastructure configurations, which I'd consider to be the load balancer or infrastructure layer. That would be like "you don't have enough servers to respond to requests" or "you set up a ddos prevention service (like cloudflare) to use as a CDN" — both of these can contribute to a site's DDoS hardiness.
At the application layer you can simply have code paths that are less performant than others — for example, a page that does a lot of compute-intensive operations like performing cryptographic functions will use more of your application server's resources than one that just loads simple text or something.
The same goes for pages that have expensive database queries — if you have a page that loads too many records into memory or does that unperformantly, that can overload the database so it can't serve responses to other pages.
Kind of — sometimes expensive routes are necessary (e.g. for operations interacting with passwords you will need to do cryptographic functions and the fact that they're compute intensive is a feature rather than a bug because that makes them take longer to brute-force).
Sometimes the solution there is to move expensive routes behind a login page (doesn't work for sign up/in pages of course.) If you can't do that (or even if you do) sometimes the solution is to stick a captcha on the page.
Depending on the system, sometimes the solution is to separate the expensive parts out into their own service so you can isolate failures — like if you're Netflix, you'd probably want the application responsible for streaming videos to be completely separate from the application responsible for logging users in, that way if your sign-ins go down the people who are already signed in can still watch their videos.
Oh whoops sorry I wasn't implying DDoS-ing the Lemmy itself, I was referring to the site r/Chodi has migrated to.
As of now, the server and the database have to exist on a single VPS, so DDoS protection is based mostly on whatever Cloudflare-like packet dropping proxies are placed in front of that VPS. There’s no database sharding or anything like that. And honestly I don’t think their infrastructure’s been nearly as stress tested as Hexbear. A single person spamming the websocket took Lemmygrad down for a troubling portion of last week
