Looks like there has been a fair bit of discussion about the architecture of Mastodon previews and “DDoS-ing” web sites:
-
Emelia 👸🏻replied to Zach Leatherman :11ty: last edited by
@zachleat there's ongoing work to improve the situation
-
Zach Leatherman :11ty:replied to William O'Connell last edited by
@williamoconnell I’d assume that is just a timing issue between writing of the blog post and the rollout of the 60s “jitter” addition—a temporary mitigation for sure.
Mastodon *could* upload the preview as an asset sidecar’d with the post, similar to any image upload.
-
Zach Leatherman :11ty:replied to Emelia 👸🏻 last edited by
@thisismissem great!
For the record I’m mostly surprised that sites are being taken down by this level of concurrency
-
Flakireplied to Zach Leatherman :11ty: last edited by
@thisismissem would you happen to have a link to the issue/discussions perhaps, I'd be interested to see what's happening to try to address this?
@zachleat -
Zach Leatherman :11ty:replied to Flaki last edited by
@flaki @thisismissem https://github.com/mastodon/mastodon/issues/23662 is the one you want, I think!
-
John Hobbsreplied to Zach Leatherman :11ty: last edited by
@zachleat I would think with session reuse you wouldn't pay that TLS connection cost constantly. Also I imagine OpenSSL/BoringSSL has improved in the last seven years, and more cryptographic operations are done in CPU now then back then.
That said I don't think I'd run anything without a caching server in front anymore, unless it was very server interactive and would miss constantly. Varnish did amazing things at Flywheel.
-
Zach Leatherman :11ty:replied to John Hobbs last edited by
@jmhobbs great insight, thank you!
As a side note I think I’ve seen some of these caching defaults play out at the serverless platform level recently: https://www.zachleat.com/web/serverless-cost/ Some platforms are born from use cases that are intensely personalized, not heavily cached.