Update 1: This is an issue with cloudflare, we are having issues with the account that hosts the site, we are contacting cloudflare support about the issue.
Update 2: we have switched s3 providers and images should be working again, older images may be missing, we will have to do a merge with the old s3 storage backup into the new provider, we plan to do this soon, but all new images will work as expected, sorry for the issues and thanks for your patience and kindness while we were working on the fix
Update 3: we have created a new ticket with cloudflare support with more information so that hopefully they take this issue more seriously.
For those experiencing issues uploading pictures, that is a separate issue we were not aware of until yesterday, that should be fixed now
EDIT: Federation issues:
It seems like federation is working now and the issues with photo uploading and admin settings getting 500 errors was also causing federation issues. Some posts were, to my understanding, in a federation window that has passed so the data is no longer there to be federated to our instance but future posts should federate properly. Please let me know if you see any other more recent posts that aren’t federating properly.
Update 4: We finally got access to our cloudflare r2 bucket! we are currently re-importing the old images, this will take some time though, potentially a few days. We appreciate everyone taking this issue in stride and continuing to use the site while we dealt with this! Everything should (hopefully) all be restore in a few days!
I'm just going to include a section from the patch notes for Lemmy version 0.19.4.
For the issue at hand, it appears to be related to Cloudflare based on the 403 error message when tying to view an image.
Sure, the visible symptom of the issue is cloudflare blocking the image proxy, probably with good reason, since the explanation is absurd (except for the deanonymization part, which is just schizophrenically paranoid; no one cares enough about who's looking at some random image to waste their time setting that up), but the unnecessary and nonconsensual meddling with the urls is the root cause.
We're talking Lemmy here. As great as federation is, small self hosted instance servers will always provide less performance and get overloaded faster than whatever CDN the site the user is linking to is using, so that argument is evidently fallacious.
(Plus, the option to host the image on the instance server has always been there: just download the fucking image from wherever you found it and upload it to the fucking instance. If anything, what this does is take away that choice from the user, leaving us with the “choice” to upload the image... or have it silently uploaded for us anyway.)
Let's be serious, the only reasonable motive behind this (especially when you take into account the devs' notorious ideology) is to be able to better control what the users post.
The deanonymization bit falls by its own weight, since, sure, the original hoster can't see who's loading the image (not that they ever cared to to start with), but now the instance admins (and / or the devs) can. Nothing is ever anonymous in the cloud, for fucks sake. Again, this is just taking away the choice of who to trust, and making lemmy look like the most untrustworthy option in the process.
The most important part, though, is that by highjacking the image hosting without the user's knowledge (and against the user's will, since, again, we could always choose to host the image on the instance, and this applies specifically to the case where the user did not intend to host it here), the instance (and / or the devs) gets control over what image gets actually served.
Enshittification happens. Every single image in the cloud will, sooner or later, be replaced with an ad. That's as certain as the third law of thermodynamics. When you link to a cloud hosted image, you're (mis)placing your trust on the hoster to keep serving that version of the image for the foreseeable future. Maybe I trust the lemmy instance more than the original site, in which case I'll upload the image. Maybe I trust the site more, in which case I'll link it. Maybe I trust neither, and I'll self-host the image, and link it (which is almost certainly the best option for people posting images of themselves, as is the main intended case for lemmynsfw).
But those two later options are now gone. Stolen from us, the users. And, obviously, I (and hopefully most other users) no longer trust the instance, or lemmy. Now the instance (and / or the devs) always has the option to change the image, instead of only when we misplaced our trust on them.
Plus, as the current kerfuffle so evidently shows, it adds a completely unnecessary extra point of failure.
The images would work perfectly if they weren't being shoveled through a hostile proxy no one asked for which is being blocked by cloudflare, probably with good reason.
The lemmynsfw admins could trivially solve the issue for newly linked images by disabling this stupid malicious option (already uploaded ones would probably require fixing the mangled urls at the database level, which is the least that they deserve for having enabled it in the first place), but they're not, they're trying to get cloudflare to fix it, a well known sisyphean task, i.e., an evident waste of everyone's time.
But they're not, so they clearly want to keep the proxy, the very root of the problem.
The whole thing is therefore not only malicious, but profoundly stupid, and depressing.
Just like good old reddit. 🤢
That is not the issue, we are having issues with our cloudflare account and our S3 bucket, we are in contact with support and working on a fix. You are making wild assumptions.
Some people demand a lot. I think most of us are happy just knowing whats going on.
Any way thanks!
Dude, I'm just asking them to apply the obvious fix and stop messing with people's posts.
If you think that's a lot you have a serious case of Stockholm syndrome.
Though, to be fair, given the current massively enshittified state of the internet and the world in general, who doesn't, I guess.
If it's so obvious, feel free to make your own instance and run it how you want
I don't care enough about the fediverse to waste my time on that, and if I did I'd probably go with piefed anyway.
In any case, as I said in another post you can trivially check for yourself how removing the proxy fixes the issue (in short, grab the url from any image posted in the frontpage or wherever, remove the proxy bits and fix the encoding, and it'll work without any issues).
Yet you care enough to type multiple college length comments just about your paranoia. Either do something about your bitching or shut up already.
Can we not attack people offering constructive criticism? I get they didn't offer a spoonful of sugar to help the medicine go down, but I value dissent even if you don't.
Paragraphs are easier than hosting an entire instance and it's weird you don't realize that or are hand-waving it to serve your personal attack.
I work in software and manage hosted services myself, for personal and professional purposes. Once set up, it's pretty easy. It's once an issue like this arises that it can become a bit of a nightmare. What I'm going on about is the dude putting in well over an hour, at least, of typing about his little conspiracy theory. Could something sketchy be happening? Yes. Is it likely? No.
Do you realize the first half of your comment equates to, "It's easy for an expert like myself, so it's easy for everyone?"
I would be shocked if it took them "well over an hour" to write that comment. I'd bet fifteen minutes or so.
That's not the only comment he left on this post.. And that's not how my comment is meant to be read. More a "Once you get it set up, it runs itself." doesn't matter your skill level. I mention my experience to give credit to my perspective, since I've been a dumbass at this stuff before, so know how it is.