Cake day: June 25th, 2023


  • Oh, the global economy is going to break regardless. China is physically and economically collapsing right now, and it’s going to have huge knock-on effects

    Meanwhile, we still don’t even have a consensus that long COVID is a thing. I definitely feel slightly foggier long after the fact, it seems to me that it might be less about COVID doing something special - maybe all illnesses chip away at long-term health, and COVID put a lot of people in a state much worse than the flu and got us thinking about it.

    Or maybe COVID has unique mechanisms, but it seems to me there’s an assumption - why do we assume that once we recover, we get all the way better? If anything, I think it might be the opposite - there’s plenty of people in my life who never felt the same after getting an illness, but no one talks about it in a unified enough way to give it a name


  • So what’s going on is the adversaries are continuously hitting the lemmy.world server. On its own, a DDoS like that would be manageable - they’re much more defeatable these days

    But they found request paths that run expensive db functions, giving them enough bang for their buck to make an impact, even tucked behind Cloudflare.

    As for mitigation, Cloudflare and a larger server help, but ultimately Lemmy needs some refactoring - right now it’s very liberal with the database calls. It needs to divide those up and get more granular with API calls, look at what can be optimized on the DB side, maybe do some caching/memoization… Basically, it needs to become a more mature piece of software in a hurry

    Going further, there’s things like horizontal scaling - there’s even thoughts of how we could leverage the nature of the fediverse to share the load through federation.

    I’m a dev, I don’t know much about administration so I’m not sure how you could help, but there’s plenty of work to go around. I think a database expert would be the most useful right now.

    There’s messing with configs to tune everything for better performance - that’s out of my expertise, but I’m under the impression that there’s some significant gains to be had there

    If it’s in your wheelhouse, you could look at different technologies that might give better performance - the current stack seems like it was chosen mostly with ease of development in mind, if you could make a strong argument for changing some of it out it might get traction.

    As far as cyber security in general, if you want to get started - step 1 is basically locking things down, and then setting up monitoring tools and getting experience with them. Basically reading logs taken to the next level. I’m pretty sure they have that handled here, but this problem will never go away
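
One way to spot the kind of expensive request path the comment above describes is to rank routes by how much backend time each request buys, using access logs. This is an added example, not part of the comment or of Lemmy's code; the log format, routes and addresses below are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample (assumed format): client method path status backend_seconds
SAMPLE_LOG = """\
198.51.100.7 GET /api/feed?page=1 200 0.020
198.51.100.8 GET /api/feed?page=2 200 0.030
198.51.100.9 GET /api/profile/42 200 0.010
203.0.113.5 GET /api/search-all?q=a 200 1.900
203.0.113.5 GET /api/search-all?q=b 200 2.100
198.51.100.7 GET /api/feed?page=3 200 0.025
203.0.113.6 GET /api/search-all?q=c 200 2.000
198.51.100.9 GET /api/profile/43 200 0.015
malformed line
"""

def path_costs(log_text):
    """Return {route: (request_count, total_backend_seconds)}."""
    stats = defaultdict(lambda: [0, 0.0])
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        try:
            seconds = float(parts[4])
        except ValueError:
            continue
        # Group variants of one route: drop the query string, mask numeric ids.
        route = re.sub(r"/\d+(?=/|$)", "/:id", parts[2].split("?", 1)[0])
        stats[route][0] += 1
        stats[route][1] += seconds
    return {route: (n, t) for route, (n, t) in stats.items()}

def amplification(stats):
    """Share of backend time divided by share of requests, highest first.
    A value well above 1 means few requests buy a lot of database work."""
    total_n = sum(n for n, _ in stats.values())
    total_t = sum(t for _, t in stats.values())
    if not total_n or not total_t:
        return []
    rows = [(route, round((t / total_t) / (n / total_n), 2))
            for route, (n, t) in stats.items()]
    return sorted(rows, key=lambda row: row[1], reverse=True)

if __name__ == "__main__":
    for route, factor in amplification(path_costs(SAMPLE_LOG)):
        print(f"{factor:6.2f}  {route}")
```

Routes at the top of this ranking are the first candidates for caching, query optimization or tighter rate limits.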


  • I have an interesting protocol for this.

    Moonlight rituals. The idea is, you get a bunch of people together, say 20-50, in the same place at the same time. Everyone opens an app, and it takes control of the screens and gives semi-random actions - like hold up your phone to the user to the left of you, get everyone in a circle with phone screens on your chest and walk forward, enter the middle of the circle and slowly spin around, hold it up to take a picture of the moon…

    The idea is, you constantly change the screen, take synchronized pictures, record audio, get flickers in GPS signals, record fluctuations in the magnetometer.

    The idea is to synchronize everything with millisecond precision, randomly take snapshots both across the group and between groups, and use all this to corroborate the fact that there was one user per phone present at this point in space and time. By using reality to generate enormously complex data sets, you can make it arbitrarily difficult to simulate, and doing it in real time could use cheap hardware and require processing orders of magnitude faster to spoof.

    Doesn’t matter how much processing you throw at it - a system like this would theoretically be able to measure gravity waves and stellar radiation - no way for you to measure that and adjust your data before you time out the recording window

    On top of nodes doing all this, you’d build a web of trust with random nodes spot-checking each other.

    It’s crazy and impractical, but I love the idea just because it’s turning technology to magic - making group rituals to authenticate is just such a fun concept to me