Lemmy.world is down because of a DDOS attack - eviltoast
  • bastion@lemmy.fmhy.ml
    link
    fedilink
    arrow-up
    7
    ·
    edit-2
    1 year ago

    I think this might be interesting:

    • permit separate, low-traffic, highly rate-limited, auth-only servers. They would be strictly rate-limited and only accept connections from whitelisted partner servers, because they only handle auth.
    • any partner server can authenticate a user and handle content for the server/auth-server pair, but only does so under certain conditions (determined by the partner - all the time, when ping api call > n seconds, or manually, for example)
    • user@lemmy.world can’t log in, so the client tries the list of partnered servers. user succeeds at lemmy.partner.net.
    • user@lemmy.world@partner.net says… ‘…something’ and all other servers accept it as being from user@lemmy.world
    • lemmy.world recovers, and claims all of the @lemmy.world@partner.net posts. Partners then forget the extra stuff they’ve been hosting.
    • Calcipher@lemmy.ml
      link
      fedilink
      arrow-up
      5
      ·
      edit-2
      1 year ago

      The problem with these types of redundancy schemes is that it simply takes a Internet backbone hiccough (or AWS fuck up) to cause there to be multiple primaries (i.e. lemmy.world is online still, but some portion of the internet can’t see it, so a replica promotes itself to primary, people use both, how do you reconcile it).

      This is not even beginning to talk about the nightmare scenarios possible if someone hacks a replica.

      Edit: Still, this is a good thought and similar to how some actual software packages do things.

      • bastion@lemmy.fmhy.ml
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        A lot of those issues of ‘multiple primaries’ can be resolved with intelligent data types and actions. That is, if we have a notion of how the data is organized, a lot of decisions can be made a priori. Ones that can’t can be read-only during a split.

        Comment groups are mergeable sets. Any unique comment is a valid comment.

        For any individual comment, any tombstone causes a comment to be unseeable (and ideally be deleted). Any edits are latest-wins.

        A lot can be sorted out that way - enough to be usable. Some databases even support that on a db level.