Notices by Codeberg.org (codeberg@social.anoxinon.de)

Due to an increased inrush of spam, registrations are temporarily unavailable at Codeberg until the situation calms down. We apologize for the inconvenience.

We are going to update to Forgejo v11 tonight. We expect a brief interruption during the migration process. Our tests showed that everything should be back within a few minutes, though.

You can read more about the release on https://forgejo.org/2025-04-release-v11-0/

@organicmaps A lot of people seem to suggest you to move to an instance of Forgejo or even Codeberg. We hope you are not overwhelmed or annoyed by this, and wish you all the best for returning back to work with your project ASAP.

If you indeed consider moving to #Forgejo or #Codeberg in the future, feel free to add your project to https://codeberg.org/forgejo-contrib/moving-to-forgejo/ and let us know if we can be of any assistance to you.

@mokazemi Redict is probably more "traditional", less features but it does the job we need it for (being a key-value-cache).
Valkey is probably more modern and has more active development, but nothing that seems to matter to us.
Redict is developed at Codeberg, where Valkey has been created on GitHub, that is part of the motivation for us. It allows contributions by people who use free software, whereas valkey contributors are required to use proprietary software.

@art_codesmith Because Redis it is no longer free/libre software. See https://github.com/redis/redis/blob/unstable/LICENSE.txt

@art_codesmith
1. It is not free software and breaks the mission of Codeberg. We promise to only run free/libre software and not business code crippleware.
2. It is unlikely that newer versions of Redis will be available in Debian GNU/Linux due to the changed software license, so we might need to migrate anyway sooner or later.

@art_codesmith
There are no open source devs at the table when they choose to no longer publish under an open source software license. They are free to do that and we respect their decision. Please also respect our decision not to use that software any longer, if it is no longer free software.

There are many ways to monetize software. Turning free software into proprietary one is one such thing. But after that switch it is no longer free software. That's it, no need for euphemism.
@phf

Codeberg is going down for scheduled database maintenance. Please enjoy your break.
We expect to be back in a few minutes.

✅ Done: Migration from #Redis to #Redict for caches
⏳ In Progress: Migration from MariaDB to Galera Cluster

Hi everyone, for several hours we are currently fighting with potentially malicious crawling. We are seeing distributed access on Codeberg that could have been crawling, however it seems to only use the most expensive routes. And each time we block an access pattern, a new one pops up immediately.

We are doing our best to keep the performance up.

We have found a solution together with @as9136 that will likely provide sufficient protection for IPv4 users, and we have a good idea how a long-term setup can look like (but it will take a while to get there). Thanks a lot for all the networking and support!

The switch is awaiting DNS propagation (pending for > 30 minutes already, and might take another hour for some users. And indeed, we are not happy with the service quality of #namesilo).

@zeh
Thank you for the offer, and the service sounds really interesting as an alternative to Cloudflare, especially for smaller-scale websites.
Unfortunately, having a third-party decrypt traffic to Codeberg is currently a no-go and it looks like their service mostly relies on that.

However, we are receiving some help setting up network-level DDoS protection and more is in preparation, so we're confident we'll find an alternative soon.
@silverfish

@silverfish Well, using cloudflare would kinda mean giving up on all our ideals:

- no big corporate services, everything under our control
- privacy by default, but Cloudflare likes to decrypt traffic in the middle
- no proprietary dependencies, everything runs using free/libre software

However, we have currently used DDoS mitigation from a smaller provider that does not do man in the middle sniffing, so we only had to sacrifice partially using non-free software for a while. ~f

We are currently suffering from another network-level DDoS attack, connectivity via IPv4 is impacted.

If you are able to use IPv6 you should be able to have good connectivity to Codeberg.

We are currently working on a DDoS mitigation solution for the IPv4 route.

@ika If you have an example of far-left attacks on Codeberg, please let us know to abuse@codeberg.org.

We have finally reached a somewhat stable level of operation. In the past hours, we managed to partially restore service, but mostly managed to do so only for a subset of our users (due to DNS propagation delays and IPv6 vs IPv4 connectivity differences).

Currentely, Codeberg is available for all the situations we monitor for, and we expect that most connectivity issues will be resolved soon after all DNS caches clear.

We appreciate all the love and support we receive from you, thank you so much.

However, the sad story is, that this day was a massive disruption for most people who develop software on a serious level on Codeberg, from large Free/libre software projects to companies and freelancers, and we are sorry about this.

We acknowledge if this makes you want to move elsewhere, but we're of course happy about everyone who can stay ❤️.

Bad news: DDoS has followed to the new location.
Good news: There, we have at least basic DDoS protection.
Bad news: The server is still unreachable.

We have received first numbers. The DDoS is apparently about 11Gbit/s over UDP traffic currently.

🔔 Heads-Up: Notification emails generated today won't be sent. If you require someone's attention, please ping them again. If you tried to register, please sign in and re-send your activation email (or re-register your account in case it was pruned due to the pending activation).

We were still struggling with email delivery from Forgejo. It looks like some queues are corrupted and restoring them is very hard. Most queued messages are spam or registration emails with already expired tokens. Finally, we made the decision to reset the queue and will do that in a few minutes.

We are using the opportunity to switch the queues to #redict / #redis, which was a planned project anyway (a requirement for clustering our Forgejo to multiple instances).