this post was submitted on 15 Jul 2023
341 points (99.4% liked)

Fediverse

17688 readers
12 users here now

A community dedicated to fediverse news and discussion.

Fediverse is a portmanteau of "federation" and "universe".

Getting started on Fediverse;

founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 7 points 1 year ago* (last edited 1 year ago) (1 children)

I think this might be interesting:

  • permit separate, low-traffic, highly rate-limited, auth-only servers. They would be strictly rate-limited and only accept connections from whitelisted partner servers, because they only handle auth.
  • any partner server can authenticate a user and handle content for the server/auth-server pair, but only does so under certain conditions (determined by the partner - all the time, when ping api call > n seconds, or manually, for example)
  • [email protected] can't log in, so the client tries the list of partnered servers. user succeeds at lemmy.partner.net.
  • [email protected]@partner.net says.. '..something' and all other servers accept it as being from [email protected]
  • lemmy.world recovers,, and claims all of the @[email protected] posts. Partners then forget the extra stuff they've been hosting.
[–] [email protected] 5 points 1 year ago* (last edited 1 year ago) (1 children)

The problem with these types of redundancy schemes is that it simply takes a Internet backbone hiccough (or AWS fuck up) to cause there to be multiple primaries (i.e. lemmy.world is online still, but some portion of the internet can't see it, so a replica promotes itself to primary, people use both, how do you reconcile it).

This is not even beginning to talk about the nightmare scenarios possible if someone hacks a replica.

Edit: Still, this is a good thought and similar to how some actual software packages do things.

[–] [email protected] 3 points 1 year ago

A lot of those issues of 'multiple primaries' can be resolved with intelligent data types and actions. That is, if we have a notion of how the data is organized, a lot of decisions can be made a priori. Ones that can't can be read-only during a split.

Comment groups are mergeable sets. Any unique comment is a valid comment.

For any individual comment, any tombstone causes a comment to be unseeable (and ideally be deleted). Any edits are latest-wins.

A lot can be sorted out that way - enough to be usable. Some databases even support that on a db level.