Infosec.pub scheduled downtime
Infosec.pub will be down for maintenance on Monday, July 1 2024, from approximately 10am until 1pm Eastern Time. I will be upgrading to the latest version of Lemmy, which requires an upgrade to postgres.
It’s your browser. Infosec.exchange is alive and well.
I will see if this is a know issue with lemmy
I am still here. Just don’t post much. I unblocked feddit.nl. It was quite problematic in the past but willing to try again.
I will take a closer look, but I strongly suspect this is the result of overly aggressive filtering to avoid xss
You can see the details on user counts here: https://fedidb.org/network/instance/infosec.pub.
There are about 450 active accounts.
It’s hard to pin down the memory and CPU usage, as it’s running on a very large pair of AMD servers that host many sites. I posted the details of those servers are in the thread below. Prior to moving to this server, I was running the instance on a single 16 core AMD system with 64GB of ram.
Disk wise, it uses about 500GB. Overall, it is pretty efficient, particularly compared to kbin/mbin, however I think those are tough to compare against, since they have streaming updates and a heavier user interface.
My server bill is about $3000 per month, but that includes Infosec.exchange, which is a very large instance with about 17000 active users.
ok - infosec.pub is now running on my main infrastructure - a 48 core/96 thread AMD epyc zen4 genoa with 256GB of DDR5 ECC ram and 2x4TB nvme SSDs, backed by a dedicated database server with the exact same specs, on a 10gbps network.
Infosec.pub downtime for maintenance
Hello everyone. I will be taking infosec.pub offline for a while today to move the instance to a new, larger server.
Hello - I will take a look. There isn’t an obvious problem
What site is the “loud extremists”?
I block instances that are the source of issues - shitjustworks caused a river of complaints - I don’t think I’ve seen any from the others.
Changes to Infosec.pub
I am going to be disabling image uploads and image serving, moving to moderated signups, and instituting some extensive block lists on infosec.pub due to the pervasive problems with CSAM attacks on lemmy instances.
No, it’s not happened to any of our instances yet, but I don’t need that headache. And if anyone does, I promise you that I will make it my life’s mission to see that those responsible are convicted and rotting in prison where they belong. ❤️
Edit: h/t to @infosec_jcp for pointing out the problem to me.
I block them as they come up as problematic. There isn’t a handy list of instances to block like in mastodon. I will block those others.
I appreciate the offer and will likely make a call for more help soon.
Please don’t enable 2FA
2FA in lemmy doesn’t work reliably yet. Please don’t enable it or you will almost certainly get locked out.
Note: it makes me sad to post this.
Blocking sh.itjust.works
Hi all. I am going to implement a block for sh.itjust.works. I am going to need years of therapy from all the nasty crap coming from that instance.
It’s 100x worse than Mastodon but 100x better than kbin (so far)
it looks like something has been wrong with federation since I applied the patch to fix the vulnerability. I am investigating...
ok - we are back in business with the fix applied. I am guessing that there will be many more issues like this. Hold on to your butts...
Federation and new community creaton is disabled
Hi all. I’ve disabled new community creation and federation until there is a fix for the latest vulnerability
I’ve turned off federation and the ability to create new communities until a fix is released.
Vulnerability fixed
As some have pointed out, there was a serious xss vulnerability in lemmy disclosed yesterday. The Lemmy team released a fix a bit ago and I've since patched infosec.pub.
Apologies for the problems
Lemmy and kbin have been... exciting to set up and debug.
There is a new version of lemmy in RC right now that should fix most of the issues we've been seeing, or at least give error messages that indicate what is going on.