Please Don’t Share Our Links on Mastodon: Here’s Why!

We need to talk about this problem. Should Mastodon step up?

It's FOSS News
@wimpy I gotta boost that link

@wimpy it's 2024 and they're moaning about getting slashdotted?

and it's happening even though they already use a CDN?

Sounds like a them problem.

@FXBOY4EVA Sure does 👍

@wimpy It also does not speak well of their technical acumen if they don't realise that.

Can you imagine for a moment (and yes, I perfectly understand how unlikely it is on a non-federated social network) if they'd put out an article like that whinging about (pre-space karen) Twitter?

@FXBOY4EVA

The people at @itsfoss are really nice and friendly. They are a small team, publishing a lot of articles, and only have limited financial resources.

I am not a web professional, but I guess there should be an HTML/CSS feature that allows serving a static prepared image and teaser text for a website, instead of every instance having to pull the entire site (with all the rubbish on it) and having to generate its own preview. Or is there not?

@wimpy

@mina @itsfoss @wimpy

There are multiple methods they could use on their side to mitigate the issue there, including some things akin to what you suggest. Instead of complaining about, and blaming others for it.

That is what makes it rather churlish of them to publish an article, on their ostensibly technical news outlet, blaming others for the problem when it is in line with and entirely a consequence of the normal functioning of the internet.

@FXBOY4EVA @mina @itsfoss @wimpy

Hi there!

Well, allow me to clarify it here. I've made it obvious in my article that I don't blame Mastodon.

Sure, we're welcome to suggestions and misconfiguration hints. We're only human, I would take it that way.

I'm not the site admin here, but I've built sites before for clients. So, I think I know a few things (if not all).

Let me give you a comparison on why I think this issue should be resolved on both sides (not just one):

@FXBOY4EVA @mina @itsfoss @wimpy

For starters, the sites have handled massive traffic spikes through Google News/Reddit/other platforms.

But, the misconfiguration/lack of proper caching technique kicks in only when our post goes on Mastodon?

So, it's not us alone, right?

If that was the case, this user here wouldn't have complained about their website getting a mini DDoS here?

https://mstdn.social/@stux/112346188861924441?ref=news.itsfoss.com

Another one here: https://disabled.social/@richard/112367825632049001?ref=news.itsfoss.com

stux⚡ (@stux@mstdn.social)

Pff.. I really dislike the fact that sharing a link on the Fedi results in a mini DDoS since every instance needs to get a link preview image and data etc This results in a lot of requests in a short amount of time killing most small servers for a while

@FXBOY4EVA @mina @itsfoss @wimpy

I'm sure every site can do better (and we will too, with all the constructive suggestions we've been receiving).

But, the whole point of the article was to shed light on an issue that's existing for almost 6 years now, and has been pushed back.

If you think our caching handling techniques are poor, as a technically inclined user, you should also realize that the issue highlighted for Mastodon is a fundamental one as well?

@soul_predator @mina @itsfoss @wimpy

Blocked.

Nobody wanted or asked for a three toot lecture of complete Wrong.

Please go away, educate yourself, and consider a retraction article.

@soul_predator @FXBOY4EVA @mina @itsfoss @wimpy Are you actually looking for help here? Can you post actual traffic patterns from real mastodon hosts?

(I would expect the results to "naturally" spread out due to federation). Are you sure it's the link-preview and not something else?

As a "normal" user it takes 101 requests and 3 Dooms of data to load your site; the link preview should be 2 (the html, and the preview-image).

@FXBOY4EVA @wimpy Slashdotting needs a user on the other side to generate traffic. This is talking about servers making requests regardless of whether anyone looked at the post or not.

@dcz @wimpy
I'm well aware of what's being spoken about.
I did read the article before commenting.

Pedantry is not necessary.

@FXBOY4EVA @wimpy Just making sure everyone is aware that this is different from slashdotting in an important way :)

@dcz @wimpy

Which again was, entirely, unnecessary.

@wimpy hilarious article—look how much junk they ship to your browser
@nat418 Cause and effect 😁
@wimpy imagine mozilla publishing "don't click on itsfoss links... our poor wittle browser can't take it"
@wimpy I agree this should be fixed, but what a horribly-written article this is. You have to wade through multiple paragraph blocks just to get to the main technical issue.
@MisterMoo @wimpy It's as if someone read a definition of "clickbait" and decided to make it even baitier.

@wimpy I wrote about this problem two years ago and there has been no movement toward a fix or even mitigation from the Mastodon developers. https://jwz.org/b/yj6w

BTW, everyone who knee-jerk replies to this with "LOL get a CDN" is saying: "I expect all web sites to be run by dedicated professionals, so that my social network can be run by amateur hobbyists".

Mastodon stampede

"Federation" now apparently means "DDoS yourself." Every time I do a new blog post, within a second I have over a thousand simultaneous hits of that URL on my web server from unique IPs. Load goes over 100, and mariadb stops responding. The server is basically unusable for 30 to 60 seconds until the stampede of Mastodons slows down. Presumably each of those IPs is an instance, none of which ...

@jwz @wimpy would you trust instances to federate opengraph previews?
@joyo @wimpy "Some rogue instance might change the preview image on a link that someone else posted to my site" is not an attack surface that keeps me up at night.

@jwz @wimpy Thanks for your heads-up here.

I'll be adding this to the article while we work on potential workarounds, thanks to all the constructive suggestions we've been receiving from the good folks.

@wimpy interesting. Embedded links overloading servers.

Sounds at least a little bit like suffering from success

@wimpy Mastodon is secretly a bot net. If Eugen wanted to shut down a website, he'd just start spamming links to it, he's followed by like every Mastodon user ever...

A legal professional I follow has experienced this with her website, too, and I think she's just stopped linking to it to stop her site from crashing.

As badly written as the article is, it's a real problem and a real threat.
@wimpy @gamingonlinux is it an April 1st article published a month later (May 1st) 🤔
@wimpy shouldn't it be possible to solve this with a cleverly configured cache?
@wimpy That was an obnoxious read. Is this his journal? I get the technical issues, although he doesn't describe a scale which should be a problem for static content.
@wimpy Are we the baddies?

@wimpy Should I boost it or not? Now I'm confused. :(

@wimpy

🤦‍♂️

They should talk to @troyhunt and how to correctly use caches

"Yep, we just hit "five nines" of cache hit ratio on Pwned Passwords being 99.999%. ..., let's talk about how we've managed to only have two requests in a million hit the origin..."

https://www.troyhunt.com/to-infinity-and-beyond-with-cloudflare-cache-reserve/

To Infinity and Beyond, with Cloudflare Cache Reserve

What if I told you... that you could run a website from behind Cloudflare and only have 385 daily requests miss their cache and go through to the origin service? No biggy, unless... that was out of a total of more than 166M requests in the same period: Yep, we

Troy Hunt
@wimpy You mean your web server can't handle 15k simultaneous requests? What good is a multi-gig uplink if you can't saturate it occasionally?
@wimpy And I sort of mean this with a /s. I am hosting my instance on a 35M residential upstream, with a caching tunnel in front of it.

@wimpy I kinda wanna see what we're dealing with here, so there it goes

casually uses your post as a relay

https://blog.fawx.news

Ori's Weird Blog

I'm Orion Moonclaw, a floofy gay (actually bi) lvl. 22 nerd from Pawland (He/They/Any). In my free time I like to work on game mods, and the free Linux XR stack. Professionally I do servers and shit, boring stuff. Also, Rust is pretty cool 🦀🦀🦀

@wimpy Welp, it was a decent spike (about 1K requests) but my server didn't really mind (for reference I'm hosting this on a phone from 2018)

But I am using a static site generator, so that definitely helps

@wimpy Sounds like a valid technical issue to me. I wonder, if one didn't have a CDN, how to best avoid bandwidth overload in case of an unexpected popular linkback...

Probably the link would have to point to a pretty minimal page, the more static the better. Something like https://motherfuckingwebsite.com/ or its even sleeker derivatives.

Motherfucking Website

@wimpy While I have sympathy for them I think this mainly displays shortsightedness in their traffic scalability.
You could host those open graph images on dedicated edge nodes which are far faster, infinitely scalable and are made for entirely this purpose. Static content doesn't need to sit on a monolithic server, which I'm guessing is what they're doing since I can't think of another scenario where a 100mb download would shut down the entire site, not just the image cdn
@wimpy all sympathy is lost. this keeps going. it never ends

@wimpy

So - "we use cloudflare and their CDN" plus the given 114mb of data served in 5 minutes says - very loudly - that their CDN isn't working correctly. Not to be dismissive, but that's not all that much data. My guess is that either the CDN portion is misconfigured or there's some sort of cache-busting going on (likely for ad revenue - there were a lot of ads on the linked page, even with my adblocker). Either way - a call or email to Cloudflare's support folks is the right path. They can look, confirm things are set up right and help fix it if they're not, and provide real guidance for handling bursty load like "we got linked to and are mega-popular for a couple of hours".

@wimpy True story, I submitted a project to https://nlnet.nl/ whose goal is to fix this and provide a service that I can use in @pidgin 3 and they rejected it without asking any questions.

Haven't gotten to the point of needing it yet for Pidgin 3 but that day keeps getting closer and closer.

That said I've been brainstorming with a friend who did a bunch of work on the openembed stuff in synapse, the python based matrix homeserver which as you would have guessed has a similar issue.

NLnet; Welcome to NLnet Foundation

@wimpy And now everyone on mastodon is sharing it.

@wimpy The replies to this are obnoxious. As @jwz has pointed out, this is a real problem, but lots of people are calling this person names, saying he should fix his site, to work around a wasteful Mastodon inefficiency. It's a bug and it needs to be fixed; we shouldn't be generating tens of thousands of requests to make the link preview. It could be generated once and the image could be shared, or it could be cached in some other way.

There is a workaround, sort of. When linking to someone's site, if an image is included in the post a link preview image won't be generated.

@not2b if you generate it once, you will then have one instance generate something obscene and then that'll propagate across the fediverse. See Bluesky, for example, where the preview is generated and attached to the post on the client, which allows creating fake links and embeds. This is not something you'd want.

@wimpy

@brawaru @wimpy We we just defederate an instance that tries this.
@wimpy this is the first thing i see when i open this website and it is killing me

@wimpy @nil

I like to start tail -f on my web server logs just before I share a new blog post to see all the random instance hits.

My server is pretty much a potato and it handles it no problem.
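
An added example, not part of the thread or any poster's code: instead of watching `tail -f`, this script summarizes the preview-fetch burst from an access log, which is the kind of traffic pattern asked for earlier in the thread. It assumes combined log format and that fetchers send a User-Agent containing `Mastodon/<version>` and `+https://<instance>/`; the sample lines, addresses and hostnames are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in combined log format (not real traffic; hosts are placeholders).
SAMPLE_LOG = """\
203.0.113.10 - - [01/May/2024:10:00:01 +0000] "GET /post/ HTTP/1.1" 200 51234 "-" "http.rb/5.1.1 (Mastodon/4.2.8; +https://a.example/)"
203.0.113.11 - - [01/May/2024:10:00:01 +0000] "GET /post/ HTTP/1.1" 200 51234 "-" "http.rb/5.1.1 (Mastodon/4.2.8; +https://b.example/)"
203.0.113.12 - - [01/May/2024:10:00:01 +0000] "GET /post/ HTTP/1.1" 200 51234 "-" "Mastodon/4.3.0 (http.rb/5.2.0; +https://c.example/)"
203.0.113.10 - - [01/May/2024:10:00:02 +0000] "GET /img/og.png HTTP/1.1" 200 90211 "-" "http.rb/5.1.1 (Mastodon/4.2.8; +https://a.example/)"
203.0.113.11 - - [01/May/2024:10:00:02 +0000] "GET /img/og.png HTTP/1.1" 200 90211 "-" "http.rb/5.1.1 (Mastodon/4.2.8; +https://b.example/)"
198.51.100.7 - - [01/May/2024:10:00:03 +0000] "GET /post/ HTTP/1.1" 200 51234 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "[^"]*" "(?P<ua>[^"]*)"$')
# Assumed self-identification: "Mastodon/<version>" followed by "+https://<instance>/".
FEDI_RE = re.compile(r'Mastodon/\S+.*?\+https?://(?P<host>[^/)\s]+)')

def summarize(log_text):
    """Separate federated preview fetches from other traffic and size the burst."""
    per_second, per_instance, paths = Counter(), Counter(), Counter()
    fedi_bytes = other = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not combined-format entries
        fedi = FEDI_RE.search(m["ua"])
        if not fedi:
            other += 1  # browsers, crawlers and anything else
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        per_second[ts] += 1
        per_instance[fedi["host"].lower()] += 1
        paths[m["path"]] += 1
        fedi_bytes += 0 if m["size"] == "-" else int(m["size"])
    return {
        "instances": len(per_instance),
        "fedi_requests": sum(per_instance.values()),
        "peak_per_second": max(per_second.values(), default=0),
        "max_per_instance": max(per_instance.values(), default=0),
        "fedi_bytes": fedi_bytes,
        "paths": dict(paths),
        "other_requests": other,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A `max_per_instance` well above 2 (one HTML fetch plus one image fetch, as estimated in the thread) would point at something other than the link preview, and `peak_per_second` against `instances` shows how tightly the fetches cluster.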

@wimpy
Yeah, that's not the only issue with activitypub and federation.
Apparently people can set up fake followers on a fake instance pretty easily with some scripts. With an account on a server they wish to DoS attack, all they have to do is post something. A copy of the post is sent to every single follower, rather than one copy sent to each server that has the followers.