• Dr. Moose@lemmy.world
    link
    fedilink
    English
    arrow-up
    188
    arrow-down
    5
    ·
    1 year ago

    the argument for .ml domain has always been absurd to begin with. So it’s free but the price you pay is that it’s being run by Mali. I’d just drop 8$/year tbh, that’s not a hill you want to die for. Also you harm your project by being SEO punished for using spam-associated TLDs like this. One of the reasons original Lemmy took so long to adopt until Reddit’s API drama. Pretty dumb ngl.

    • Wispy2891@lemmy.world
      link
      fedilink
      English
      arrow-up
      60
      ·
      1 year ago

      If i remember right it was also “free to register but insanely expensive to renew once they start to see traffic”

      • steltek
        link
        fedilink
        English
        arrow-up
        35
        ·
        1 year ago

        Renewal costs are my primary consideration when picking domains. Subscription fees is how your money disappears when you’re not looking.

        • Corkyskog@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          8
          ·
          1 year ago

          Anyone know how companies get the rights to domains to sell in the first place? Do they literally submit a list of all domains to ICANN or something? Sorry if this is a stupid question, I just never understood how any of this really works.

          • steltek
            link
            fedilink
            English
            arrow-up
            15
            ·
            1 year ago

            TLD - Top Level Domain (.com .ml .whatever)

            Registrar - NameCheap, PorkBun, etc. Submits your domain.TLD request to a Registry

            Registry - Maintains the list of domains for a specific TLD and the server infrastructure to run the TLD

            ICANN - Decides who can be a Registry and for which TLD. Not involved in the nitty gritty of individual domain names.

          • emergencyfood@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            ICANN hands out top-level domains (TLDs - such as .com, .org and .ml), either to organisations or government agencies. They, in turn, hand out secondary domains to companies or regional organisations. For example, the TLD .jp belongs to the Japanese government and is operated by an agency called Japan Registry Services. In turn, it hand out the .tokyo.jp secondary domain to the Tokyo Metropolitan government. They, in turn, manage domains for various departments, wards, etc.

            But individuals and businesses in Tokyo can also use the .tokyo TLD, which is owned by a private company called GMO Internet Group. And of course anyone can use .com or .org, although you may have tp pay a pretty big fee.

  • db2@lemmy.one
    link
    fedilink
    English
    arrow-up
    144
    arrow-down
    2
    ·
    1 year ago

    This brings a disturbing thought to mind… if an instance domain name like foo.bar lapses and someone else snaps the domain up (or of it gets stolen) can the new controller plop Lemmy on a server and be instantly federated? If so what kind of damage could they do?

      • Saik0@lemmy.saik0.com
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        1 year ago

        That’s an assumption that lemmy will quit federating with a server that does not match.

        And what signature are we talking about anyway? Is not certificates…

        • Wander@yiffit.net
          link
          fedilink
          English
          arrow-up
          17
          ·
          1 year ago

          Activitypub signatures that each user and group sends out their messages with.

              • Saik0@lemmy.saik0.com
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                So looking at that spec… Nothing there is validation that current messages originate from an “original” server…

                I don’t think either of these signature options for Server to Server communications means that my current lemmy.saik0.com instance can’t be torn down (delete LXC container) and reconfigured as a brand new instance (New LXC container) and other instances wouldn’t know that there’s been a change to the instance running here… or more accurately would flag a change. I think these signatures are all about not being able to spoof OTHER instances. eg, lemmy.ml can’t send messages on behalf of lemmy.world.

                • priapus@sh.itjust.works
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  I assumed that once federated the public key would be remembered and signatures that do not match it would be handled, but you may be correct. I do wonder whether this could be a problem as instances close down over time. I’ll have to spend some more time researching to see if there’s a more clear answer, or if any ActivityPub implementations have their own way of handling that situation.

    • lolcatnip@reddthat.com
      link
      fedilink
      English
      arrow-up
      71
      arrow-down
      8
      ·
      1 year ago

      This is why you don’t let your domain registration lapse. It’s not the only way computers on the internet verify each other’s identity, but a hell of a lot of internet security features are based around domain names, so keeping yours functioning is a very big deal.

      • finn@lemmy.world
        link
        fedilink
        English
        arrow-up
        71
        arrow-down
        4
        ·
        1 year ago

        Domain registration ≠ internet security. Root of trust is in cryptographic keys, not domains. DNS is not the security cornerstone you make it out to be. PKI says hi!

        • redcalcium@c.calciumlabs.com
          link
          fedilink
          English
          arrow-up
          24
          ·
          1 year ago

          Consider how many system relies on being able to send you an email for verifying your login and performing password reset. Those who have control over your email address domain can trigger password reset for most of online services out there. Imagine if Google forgot to renew gmail.com and it falls to a wrong hands.

        • mle@feddit.de
          link
          fedilink
          English
          arrow-up
          8
          ·
          1 year ago

          Yes, but it is very quick and cheap to get a domain validated cert from a CA that is generally trusted by most web browsers, so once the bad actor has the domain, the should be able to trick most users, only maybe certificate pinning might help, but that is not widely used.

        • lolcatnip@reddthat.com
          link
          fedilink
          English
          arrow-up
          7
          ·
          1 year ago

          Email is tied to domains. TLS is tied to domains. CORS is tied to domains. OAuth is tied to domains. Those are just four things I can think of while half asleep. Here’s one recent example of how screwing up a domain name is enough by itself to cause a security breach.

          Cryptography is not security any more than domain names are; both are facets of how security is implemented but there’s no one system that makes the Internet secure.

    • hemmes@lemmy.world
      link
      fedilink
      English
      arrow-up
      32
      ·
      1 year ago

      ICANN has an Expired Registration Recovery Policy (ERRP) that requires your registrar to give your domain a 30-day grace period before deleting the records. ERRP also requires them to shutdown your DNS resolutions 8 days before deletion.

      You’d have to be really mismanaging your domain if you miss all the required email reminders and don’t notice your domain has been non functional for a couple of days.

    • Ddhuud@lemmynsfw.com
      link
      fedilink
      English
      arrow-up
      48
      arrow-down
      3
      ·
      1 year ago

      It’s one of the 5 TLD (now 4 I guess) that are free. The others being .tk, .ga, .cf and .gq

      We need free TLDs.

    • RFBurns@lemmy.world
      link
      fedilink
      English
      arrow-up
      19
      arrow-down
      3
      ·
      1 year ago

      I wonder if it was done on purpose after it came out that the Pentagon had typo’d “.ml” instead of ‘.mil’ and exposed a lot of sensitive emails…

      • 100
        link
        fedilink
        English
        arrow-up
        21
        arrow-down
        1
        ·
        1 year ago

        Highly doubtful much of anything majorly sensitive got leaked. Firstly even unclassified DoD emails are encrypted by default. Secondly anything classified isn’t even on a network that can talk to normal email, it’s either 100% point to point encrypted or on an airgapped network. If I hopped on SIPR (DoD Secret-level internet) and emailed a normal email address it simply wouldn’t work.

        • AphoticDev@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          11
          arrow-down
          1
          ·
          1 year ago

          That doesn’t stop somebody from being an idiot and mentioning something classified in clearnet communications. Never underestimate the power of stupidity.

        • killa44@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          arrow-down
          1
          ·
          1 year ago

          Ehhhhh, you’re missing the human element. Humans do dumb shit all the time. You can’t stop someone from reading something with their eyeballs, remembering it in their meat brain, and using their sausage fingers to type it back into something unsecured. Odds are still low of course, but I wouldn’t be so confident.

  • hitagi@ani.social
    link
    fedilink
    English
    arrow-up
    105
    arrow-down
    1
    ·
    edit-2
    1 year ago

    Out of curiosity, other than fmhy.ml, lemmy.ml, and lemmygrad.ml, what other Lemmy instances were using .ml domains? Also, how are the latter two still running but fmhy.ml isn’t?

    edit: This has triggered a chain of comments I wasn’t expecting. I’d appreciate it if someone can answer on a technical level. Is the latter two using a different registrar or name server which is why it still works for them?

          • hemmes@lemmy.world
            link
            fedilink
            English
            arrow-up
            12
            arrow-down
            46
            ·
            1 year ago

            Hey now, what’s with all the logic and stuff. We only allowing jumping to conclusions around these parts, you should know better than that.

            /s

            • sciawp
              link
              fedilink
              English
              arrow-up
              50
              arrow-down
              1
              ·
              1 year ago

              It’s not jumping to conclusions; it’s actually pretty well-known. The devs and their instance are very open about being Marxist-Leninists.

              I don’t see how machine learning is related to Lemmy in any way

              • hemmes@lemmy.world
                link
                fedilink
                English
                arrow-up
                6
                arrow-down
                31
                ·
                edit-2
                1 year ago

                Okay, fair enough. So…we getting back to Lemmy now?

                Edit:

                It really is an interesting social experiment when talking in neutral tones about people with communist beliefs. So I said are we getting back to Lemmy now and I get a battering of downvotes, okay I struck a nerve, but why? I’m pretty “far left” in my beliefs but we are all here aren’t we?

                It’s just interesting to see people say “well you can change instances!” Yeah, but the devs are still the devs - just because they’re not running those instances doesn’t mean they’re not the father or grandfather of those alternate instances. So your beliefs make you take a stance on the instance you choose, but not the software? How do you reconcile that?

                As far as the developers go, I think they created a great piece of software, but I trust the open source community to vet like they always do with all open source software, let’s see where this goes. I think the developers want to see the world in a way that just isn’t compatible with our current evolutionary state. They stated that they have their beliefs, and what they expect of their communities is kindness, and consideration towards others. So far, I’m good with that.

                I mean, the concepts of Marxism are actually quite noble. But there’s no doubt about it. The system fails because the people never end up in control, it simply doesn’t work. I just feel these devs simply live in the clouds too much and are not grounded in reality. I’m not sure how old they are, but they may not have lived enough life to realize we’re not a people evolved enough to support a true balanced socialist lifestyle - the best we can do is try to interject social programs into our capitalist lifestyle, as it is today, to fill the gaps that a capitalist society leaves behind.

        • Dr. Moose@lemmy.world
          link
          fedilink
          English
          arrow-up
          39
          arrow-down
          16
          ·
          1 year ago

          That’s not true at all. ML was used as an idiological choice as it’s the only free TLD you can get and you should not have to pay for a domain name as per Lemmy’s creators ideology.

          • sciawp
            link
            fedilink
            English
            arrow-up
            37
            ·
            1 year ago

            That’s not true. There are a few other free TLDs. I think five total?

            • couragethebravedog@lemmy.ml
              link
              fedilink
              English
              arrow-up
              19
              arrow-down
              1
              ·
              1 year ago

              Alright, thanks. I’ll look around. I don’t have a problem with it if that’s why they chose ml, I just want to know for sure before I told anyone that. Some people get up in arms about socialism.

                • TheGreenGolem
                  link
                  fedilink
                  English
                  arrow-up
                  22
                  arrow-down
                  2
                  ·
                  edit-2
                  1 year ago

                  Okay, but.
                  Are they Marxist-Leninist? Pro-China? Socialists? Anti-capitalists? Looks like: yes.
                  Was the whole thing founded on the grounds of free, shared things and anti-corporate thinking? Also yes.
                  Do we absolutely know for sure that the ML domain was chosen because of this? No, because the above sources (or any source I ever saw) confirms or denies this claim. (If there is something specifically about the TLD, please share with me.)

                  I’m not saying it stands for Machine Learning. I’m not saying it stands for My Love or Mah Lord. But I also wouldn’t say that it for sure stands for Marxist-Leninist. We can assume, but we don’t know for sure. Maybe it’s because it’s free, maybe it sounds cool, maybe it’s Maybelline. We don’t know this specific aspect of the story. (As far as I’m aware.)

        • BarqsHasBite@lemmy.world
          link
          fedilink
          English
          arrow-up
          42
          arrow-down
          55
          ·
          1 year ago

          I’m going to have to make a copy paste for this:

          .ml stands for Mali.

          .ee stands for Estonia.

          .tv stands for Tuvalu

          Just like .ca stands for Canada.

          • Madbrad200@lemmy.world
            link
            fedilink
            English
            arrow-up
            87
            arrow-down
            4
            ·
            1 year ago

            this is technically true, but it’s not why lemmygrad, ran by full on communists, chose the .ml tld

            • kautau@lemmy.world
              link
              fedilink
              English
              arrow-up
              35
              ·
              edit-2
              1 year ago

              Which ironically, is now failing due to the fault of those in power of that TLD. The fediverse needs to be careful with tld’s they choose. ICAAN exists, but it’s obvious that some domain power is delegated and therefore safer TLDs should be chosen

              • hoshikarakitaridia@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                26
                ·
                1 year ago

                Honestly this might be an unpopular opinion, but I think this literally down to bad luck and this is nothing we have to be prepare for anymore than any other host. Which is an incredibly small amount. It’s not like this shit happens often as there would be a lot of news coverage around it considering the amount of big companies affected, and I frankly think this is very low on the list of priorities of things that lemmy has to keep in mind or address at some point.

                • kautau@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  12
                  arrow-down
                  1
                  ·
                  edit-2
                  1 year ago

                  I completely agree with you. My point was purely to say that in the future those running parts of the fediverse now need to be more cautious. Now that we know that ICAAN will allow TLD administrators to reclaim these domains, it’s important that TLDs are chosen less about how they look in the moment as a cool URL, and more about their historical integrity of keeping a domain active.

              • icyjiub@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                arrow-down
                1
                ·
                1 year ago

                It’s funny you’re getting down votes for this. ML was literally created as the official formulation of Marxism & Leninism for the USSR by Stalin.

                • boredtortoise
                  link
                  fedilink
                  English
                  arrow-up
                  5
                  arrow-down
                  1
                  ·
                  1 year ago

                  Reactionary Stalin/China/etc stans try to frame themselves as communists and don’t like it when it’s called out. They’re like qanonists with a different cult leader.

            • Gork
              link
              fedilink
              English
              arrow-up
              7
              ·
              1 year ago

              I’m surprised they didn’t use the .su Soviet Union Top Level Domain.

                • sciawp
                  link
                  fedilink
                  English
                  arrow-up
                  16
                  ·
                  1 year ago

                  I can’t believe someone else is having the exact same conversation with the exact same person as me

          • Sentrovasi@kbin.social
            link
            fedilink
            arrow-up
            34
            arrow-down
            6
            ·
            1 year ago

            Yes, it stands for Mali, no, it’s not why lemmygrad used the domain name. Do you think all the services like Grammarly and Bitly are all Libyan services as well? Because I’ve got news that may just blow your mind.

            Please stop copy-pasting ignorance.

      • sciawp
        link
        fedilink
        English
        arrow-up
        60
        arrow-down
        7
        ·
        1 year ago

        I think it’s because ML is a popular shorthand for ‘Marxist-Leninist’ since they mostly seem to be communist servers

        • BarqsHasBite@lemmy.world
          link
          fedilink
          English
          arrow-up
          8
          arrow-down
          81
          ·
          1 year ago

          .ml stands for Mali.

          .ee stands for Estonia.

          .tv stands for Tuvalu

          Just like .ca stands for Canada.

          • sciawp
            link
            fedilink
            English
            arrow-up
            52
            arrow-down
            1
            ·
            1 year ago

            Thanks, I know what it stands for but I am trying to explain why that particular top-level domain was picked for those lemmy instances

              • sciawp
                link
                fedilink
                English
                arrow-up
                43
                arrow-down
                3
                ·
                1 year ago

                Thats not a rebuttal. The .ml instance is run by Marxist-Leninists

          • EnglishMobster@kbin.social
            link
            fedilink
            arrow-up
            46
            arrow-down
            5
            ·
            1 year ago

            You are technically correct, but surely you must know at this point that’s not at all how domains are used on the internet. Bit.ly isn’t hosted or affiliated with Libya.

            And if you ever doubted that the maintainers of Lemmy are tankies, well have I got a post from you, from the horse’s mouth:

            https://www.reddit.com/r/communism/comments/cqgztr/fuck_the_white_supremacist_reddit_admins_want_me/

            https://web.archive.org/web/20230626055233/https://old.reddit.com/r/communism/comments/cqgztr/fuck_the_white_supremacist_reddit_admins_want_me/

            Hey all, longtime Marxist-leninist, recorder of left audiobooks, and megathread shitposter here.

            Posting this in light of a recent one week Reddit ban I earned for shitting on US police, as I’m sure many of us have gotten in recent weeks.

            So I’ve spent the past few months working on a self hostable, federated, Reddit alternative called Lemmy, and it’s pretty much ready to go. Unlike here we’d have ultimate control over all content, and would never have to self censor.

            Obviously as communists, we agitate where the people are, so we should never abandon Reddit entirely, but it’s been clear to all of us from day one, that communities like this stand on unsteady ground, and could be banned or quarantined at any moment by the white supremacist Reddit admins. This would be both a backup and a potentially better alternative. Moderation abilities are there, as well as a slur filter.

            Raddle isn’t an option obviously since it’s run by this arch anti tankie scum, ziq.

            I wanted to ask ppl here if they’d like me to host an instance, and mod all the current mods here.

            The instance that post mentions at the end became Lemmygrad. Lemmy.ml and Lemmygrad are the same people. They chose “.ml” because they are Marxist-Leninists. They first advertised on /r/communism and that post outright states they’re Marxist-Leninists.

            Thinking they chose .ml because they really like Mali is absolutely ridiculous.

            • redcalcium@c.calciumlabs.com
              link
              fedilink
              English
              arrow-up
              12
              ·
              edit-2
              1 year ago

              A while ago Libya suddenly requires all companies that use .ly domain to have a presence in Libya or have their domain reclaimed by the government. bit.ly (and other internet startups that use .ly domains back then) suddenly found themselves in a precarious position. It was pretty hilarious as .ly TLD was hip back then.

              • sciawp
                link
                fedilink
                English
                arrow-up
                9
                ·
                1 year ago

                I’ve never felt that country TLDs were worth using and this has only cemented that opinion for me

                • redcalcium@c.calciumlabs.com
                  link
                  fedilink
                  English
                  arrow-up
                  10
                  arrow-down
                  1
                  ·
                  1 year ago

                  It was doubly hilarious when the US was at war with Libya, yet the white house spokesperson and us politicians were still tweeting using bit.ly and ow.ly url shorteners.

          • xedrak@kbin.social
            link
            fedilink
            arrow-up
            19
            ·
            1 year ago

            Hey, I didn’t quite get it. Can you copy and paste this reply a few times more? Thanks.

        • Methylman@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          1 year ago

          Lol so one could say they fucked around and have now found out (yes I realize that was a sarcastic answer)

        • Dr. Moose@lemmy.world
          link
          fedilink
          English
          arrow-up
          8
          ·
          edit-2
          1 year ago

          It’s not anonymous. In fact because it’s free it requires more data to prevent someone from acquiring all of the domain names.

    • hemmes@lemmy.world
      link
      fedilink
      English
      arrow-up
      28
      ·
      edit-2
      1 year ago

      I know a ton about DNS and its technical functionality, not necessarily the regulations guiding registrars, but the technician in me says your TTL (how long other servers wait until asking where xyz.ml points to) hasn’t expired, maybe? Perhaps the government administration process simply hasn’t executed any action against those particular registrars yet?

      I never liked TLDs that are from random islands or less than stable countries and there are so many great TLDs available now, I simply don’t see the reason to use such obscure TLDs just for the marketing factor.

      • hitagi@ani.social
        link
        fedilink
        English
        arrow-up
        13
        ·
        1 year ago

        Thanks for answering. I figured it was a registrar thing. How bad do you think the situation will be for other .ml domains?

        I’m guessing fmhy.ml was using Freenom but lemmy.ml and lemmy.ml were using a different domain registrar, hence the situation right now.

        • hemmes@lemmy.world
          link
          fedilink
          English
          arrow-up
          34
          ·
          1 year ago

          Yeah, not a good situation.

          The main story I found seems to indicate that many government communications have been misdirected due to the typo of .ml instead of the intended .mil - reserved for the US military. 🤦‍♂️ There has been an entrepreneur that holds the contract to manage Mali’s country domain and that’s expiring Monday (24th?). I’m assuming the government is not renewing the contract and will instead be taking over the domains and any related data. He has been collecting some of that data and warning the US government about the issue to no avail…for 10 years.

          Control of the .ML domain will revert on Monday from Zuurbier to Mali’s government, which is closely allied with Russia. When Zuurbier’s 10-year management contract expires, Malian authorities will be able to gather the misdirected emails. The Malian government did not respond to requests for comment.

          Their contents include X-rays and medical data, identity document information, crew lists for ships, staff lists at bases, maps of installations, photos of bases, naval inspection reports, contracts, criminal complaints against personnel, internal investigations into bullying, official travel itineraries, bookings, and tax and financial records.

          ICANN is the body responsible for the gTLD initiative, which gives you names like .social and .world. They are an American non-profit with a multinational committee, handling nearly all of the databases that store our Internet address records, etc., you can be relatively assured that your domain won’t be messed with.

          The instances really have no option here than to test out moving their systems to an alternative domain and “bench test” their migration to discover a path that works or a least come to the conclusion to start all over.

          • sciawp
            link
            fedilink
            English
            arrow-up
            19
            ·
            1 year ago

            Holy shit this is actually kind of a huge story

            • Crismus@lemmy.world
              link
              fedilink
              English
              arrow-up
              13
              ·
              1 year ago

              Totally understandable incompetence from the military.

              I think I only have a few original pages from my service. Most just disappear.

              • hemmes@lemmy.world
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                Yeah, they should just block ingress/egress to any .ml. Maybe they keep it open for misinformation campaigns.

      • Gork
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        I never liked TLDs that are from random islands

        I remember reading somewhere that Tuvalu gets like 10% of their entire yearly income from Twitch.

        I now pronounce Twitch as Twitch dot Tuvalu, but I get weird "huh?"s when I say it like that.

    • BarterClub@sh.itjust.worksOP
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      You can see all but posts and comments won’t be on their server until back online that are a few it went down. So I can visit my communities like https://lemmy.fmhy.ml/c/artwork that I mod. I can see it but nothing will happen until it comes back online. That’s what understand at least.

    • sebinspace@lemmy.world
      link
      fedilink
      English
      arrow-up
      83
      arrow-down
      5
      ·
      1 year ago

      Resiliency is the strongpoint.

      If Reddit shuts down, all of Reddit dies.

      Same with Facebook, YouTube, etc. is that highly unlikely? Well, yeah, but still nonzero. The fediverse offers resiliency in this regard, and no one person has the ability to shut it down. Even if all instances decide to shut down, new instances can still be spun up.

      • Aux@lemmy.world
        link
        fedilink
        English
        arrow-up
        41
        arrow-down
        2
        ·
        1 year ago

        If the communities you like to read and post to are down, then Fediverse is effectively down for you. Thus it doesn’t offer any additional resilience, it’s not a P2P system.

        • ඞmir@lemmy.ml
          link
          fedilink
          English
          arrow-up
          22
          arrow-down
          1
          ·
          1 year ago

          Stuff like technology has multiple big communities, I can go to the one on .ml .world or beehaw and still get a lot of content

          • Z4rK@lemmy.world
            link
            fedilink
            English
            arrow-up
            7
            arrow-down
            1
            ·
            1 year ago

            I haven’t learnt all about account federation - through who are you authored to write a comment here with a .ml account? Where are you logged in from?

        • steltek
          link
          fedilink
          English
          arrow-up
          13
          arrow-down
          1
          ·
          1 year ago

          Just because anti-lock brakes fail to work in all scenarios doesn’t mean they’re not still an improvement.

          Lemmy is still up for most people. That is resilience. If you are affected by this outage, then it failed for you in this particular case but that doesn’t mean the mechanisms don’t exist and that they won’t work to your advantage in the future.

        • Valmond@lemmy.world
          link
          fedilink
          English
          arrow-up
          8
          arrow-down
          1
          ·
          1 year ago

          True but if you have several interests, hopefully spread over several instances, then there is resilience because if one server crashes, you have at least some other things trucking along.

    • Thief@lemmy.myserv.one
      link
      fedilink
      English
      arrow-up
      37
      arrow-down
      1
      ·
      1 year ago

      Would help if users spread out over all the running servers because problem is just a few lemmy servers have all the users. For example the instance I run would be a simple proxy to use for all the content and then would mitigate issues when a big server had problems since just parts of the fediverse would be affected from the users pov.

      • null@slrpnk.net
        link
        fedilink
        English
        arrow-up
        28
        ·
        1 year ago

        I feel like communities are the bigger problem here. And not one that’s easily solved.

        If users from multiple instances come together in communities, those communities are still centralized on a single server. So if something happens to that server, or if your instance defederates with it, the whole community goes with it.

        The alternative would be to have tons of duplicate communities spread over many instances, but that’s a bad user experience.

        • Rikudou_Sage@lemmings.world
          link
          fedilink
          English
          arrow-up
          10
          arrow-down
          1
          ·
          1 year ago

          I think it can continue even without the source server? Like, once I press the Reply button on this comment, it gets saved to my instance (lemmings.world) then it lets all the other instances know, including lemmy.world (where the community is hosted) and slrpnk.net where you are registered.

          Now let’s say lemmy.world stops existing, my instance still would let all the other instances it federates with know, meaning you could read my reply on a community that basically no longer exists. Though I’m pretty sure there are downsides to that (like, what if all the mods were from lemmy.world? There’s no admin who can add a new mod).

          At least that’s what I think it works like.

          • miles@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            1 year ago

            meaning you could read my reply on a community that basically no longer exists

            oh really? does it actually work this way? if lemmy.world dies, can all its communities continue to live on as long as there are lemmy instances out there federated and subscribed?

            • Illecors@lemmy.cafe
              link
              fedilink
              English
              arrow-up
              10
              ·
              1 year ago

              No. You would only ever be interacting with a snapshot-at-the-time-of-death of the community on your local instance only. It is the home instance of the community that federates all events, not the instance of the originating post/comment/vote/whathaveyou.

              • miles@lemmy.world
                link
                fedilink
                English
                arrow-up
                3
                ·
                edit-2
                1 year ago

                Ah, ok. So if lemmy.world dies, but !somecommunity@lemmy.world was federated to 2 different other instances, those instances wouldn’t be able to “talk to each other”? They’d just have snapshots that they could locally interact with, but never see anything else? So is the fate of the Lemmyverse a graveyard of communities from dead instances?

                • Illecors@lemmy.cafe
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  1 year ago

                  Pretty much. I wouldn’t pay much attention to that, though - the absolute majority of the internet that has ever existed is a graveyard.

        • miles@lemmy.world
          link
          fedilink
          English
          arrow-up
          7
          ·
          edit-2
          1 year ago

          I wonder about this as well – because communities are tied to a specific home instance, that instance going down affects that community, potentially killing it. Something more akin to hashtags/tags/labels wouldn’t be tied to an instance so they would be more robust, though you’d lose the moderation of a community and just have a firehose of posts/comments…

        • forrcaho@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          1 year ago

          Wow, you’re right. We really need to bring back something like USENET, where newsgroups (their “communities”) weren’t tied to a specific server. We could almost just resurrect NNTP, although the handling of images (and binary data more generally) probably needs some tweaking.

          • thisusernameistaken@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            no need to resurrect it, usenet still exists and has a bit of discussion traffic (and a lot of binary traffic) but we just need to get users to swap over. course there needs to be some decent mobile apps made as well.

        • Corkyskog@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          2
          ·
          1 year ago

          Jesum Crow… Tags aren’t a new concept. Just group communities with a tag… is that incredibly complicated to implement or something?

          • lolcatnip@reddthat.com
            link
            fedilink
            English
            arrow-up
            4
            arrow-down
            1
            ·
            1 year ago

            There needs to be a way for a person or group to essentially own a tag to enable moderation. It might be one of those rare problems for which a block chain is a good solution, because there would need to be a public ledger showing who is a moderator for a tag at any given moment.

            • nintendiator@feddit.cl
              link
              fedilink
              English
              arrow-up
              3
              ·
              1 year ago

              There is no need to own a tag, nor to tack blockchain into a problem to try and sell a solution. Ever.

              • lolcatnip@reddthat.com
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                You seem confused about what block chains actually are. I’m not suggesting anyone sell anything.

                And if you think moderation isn’t needed for healthy online communities, I invite you to visit Twitter.

                • nintendiator@feddit.cl
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  1 year ago

                  Moderation like you are proposing in no way requires someone to “own a tag”.

                  Anyone can use #CocaCola. Coca Cola Company does not get to dictate, audit or execute how people use the tag, nor should anyone else.

        • Freeman@lemmy.pub
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          It doesn’t have to be a bad ue though. The concept of multi-communities would make it easier to see communities based on topic.

          And having a search automation that find like communities, even if just the same community name on different instances would really go a long way.

      • Buddahriffic@lemmy.world
        link
        fedilink
        English
        arrow-up
        10
        ·
        edit-2
        1 year ago

        At this stage in the game, I’m not even sure how to evaluate the trustworthiness of instances. Which also applies to the one I’m currently on. I’d like to assume everything is good, but admins do have power that can be abused, like visibility of IP addresses, access to accounts, access to passwords (reusing passwords is bad but especially don’t do it here and certainly don’t use the same password for your email associated with your account).

        Facebook abused those powers (zuck even bragged about being able to see everyone’s passwords, emails, private messages, pictures), so did Reddit (though more with shadow banning or quietly removing/restoring posts).

        Fediverse instances are just run by random people as far as I can tell. I’m sure there’s some that should absolutely be avoided and I’m sure that there’s some that are perfectly fine. But I don’t have a clue how to determine which list about specific instance is in, otherwise I’d love to join someone’s small instance.

        Edit: oh and that only goes into whether the admin is acting in good faith or intends to be abusive. Then there’s the question of whether the admin is competent enough to run a server without it getting pwnt and giving others access to that same information and capabilities.

        • Thief@lemmy.myserv.one
          link
          fedilink
          English
          arrow-up
          8
          ·
          1 year ago

          You are correct. A lot of the internet is built on trust. This is no exception. I suggest having an account in more than one instance so that you are not too vested into 1 place.

      • Cyyy@lemmy.world
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        the problem is most users fear that if they choose a small instance, that it goes down random more likely and their account and everything else is gone. if you choose a bigger instance it feels less likely that the admin of the instance just says fuck it and kills the server random for whatever reason.

        as long accounts can’t be easy transfered and are maybe even safe somehow without their instance, people will choose the instance that feels the most secure to them. and when i looked at the available instances… most looked not really long term secure. most did look like they are random ideas of people and they could vanish any second into the void. so i as an example did choose lemmy.world. seemed the most safe option with the best features (nsfw allowed, a lot of users and a big instance)

        • Thief@lemmy.myserv.one
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          I understand the logic but its actually backwards. A small instance like mine is easily paid for totally out my own pocket and requires no outside funding or maintenance because I can do everything. If too few people donate to major instances then the costs starts to run away from the owners. In some ways becoming too large is a problem.

          • Cyyy@lemmy.world
            link
            fedilink
            English
            arrow-up
            4
            ·
            edit-2
            1 year ago

            i understand that, but think about it - its a random instance from a random stranger on the internet. you don’t know that person, and don’t know if he is actually serious interested in that project of running that instance… or if he will shut it down maybe a few day, weeks or months in the future.

            and you can’t really backup your account and load it somewhere else, so if this happens everything you saved and do is GONE. thats a huge risk if you value your account and contribution to communitys.

            so it doesn’t really matters to me if smaller instances are not expensive etc… thats not what fears people (there are still ways to spread users along more instances but more even). its the suddenly vanishing without warning that scares people.

            i had this often enough with similiar other projects where i created a account on such a small community / instance, was really active… and suddenly it was just gone from one second to the next without warning. everything gone. admin didn’t told anyone about it… was just gone into thin air.

            so it feels safer to go to instances who are more “trustworthy” in the longterm security of a stable operation.

            if lemmy would support export of accounts maybe ever month once or something… that would change things. also allow spoofing of stuff, but it would help with vanishing instances and people would feel safer on smaller more unknown instances.

            • Thief@lemmy.myserv.one
              link
              fedilink
              English
              arrow-up
              3
              ·
              1 year ago

              “i understand that, but think about it - its a random instance from a random stranger on the internet. you don’t know that person, and don’t know if he is actually serious interested in that project of running that instance… or if he will shut it down maybe a few day, weeks or months in the future.”

              Have to be honest with you, that is how all yhe instances started including lemmy.world.

              “so it feels safer to go to instances who are more “trustworthy” in the longterm security of a stable operation.”

              There is no metric by which to know this yet as lemmy is new. Its not like there are 5 servers that are 10 years old and al the rest are just starting up. Just how it is.

              • Cyyy@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                edit-2
                1 year ago

                Have to be honest with you, that is how all yhe instances started including lemmy.world.

                but now they have enough reputation & users to make them feel like the safest option

                There is no metric by which to know this yet as lemmy is new. Its not like there are 5 servers that are 10 years old and al the rest are just starting up. Just how it is.

                compared with random instances with 2-3 users or so, a instance who is there since the beginning / relative long compared to other is safer feeling tho.

                i’m so worried about this topic, that i even think about maybe setting up my own instance just to keep my accounts etc safe & from vanishing.

                • Thief@lemmy.myserv.one
                  link
                  fedilink
                  English
                  arrow-up
                  3
                  ·
                  1 year ago

                  I feel like you have missed the points im my previous comments but if you just want to feel safer because in your heart of hearts this instance or that instance just feels safer then go for it.

                  My advice does not change. Make a backup account on another instance to avoid being burned. If you dont want to, then its now on you.

        • geolaw@lemmygrad.ml
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          On a small instance, you have greater opportunities to take action to positively support that instance. You can make friends with the administrator, volunteer to become an administrator yourself, donate cash to offset running costs, lodge helpful reports, welcome new users, etc…

          • Cyyy@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            1 year ago

            agreed, but i’m already moderating a community with 1,3k members elsewhere and have to do a lot of work daily there (posting content for the members who wait for it daily). also i currently start to build one up on lemmy.world that also takes time from my day. i don’t really have time in my daily activity to additonally do stuff which involve moderation or managing of such things like a server instance.

            don’t understand me wrong, i agree with what you say and its logical and smart to do it. but its always depending on the situation of each user. in my situation, its the best thing to go to a big instance.

        • jackoneill@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          My exact same thought process and why I’m here on lemmy.world as well. Once they get the server setup process more streamlined (hopefully dockerized) I’ll probably setup my own private use server, but until I get around to that project I wanted to pick one that didn’t seem like it would vanish once the guy hosting it started getting those hosting bills.

      • iraldir@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        3
        ·
        1 year ago

        Does that really scale though? The load on a server is not dependent on the number of users, but on the number of communities from other server that the sum of user is subscribing to.

        Which means if you have a server for 100 users, you still need to pay for the 1000s giant communities that those users are subscribing to, as they are being copied over in your server.

        So if you have a few mega server like Lemmy.world, they each pay say 10000£ in hosting a month (number taken out of my hat), which is fine because they have as many users that can contribute to it financially ( via donations, ads etc.). But small servers won’t be able to support that load and will ultimately close.

        That sounds like a design flaw if you ask me but i did not see anyone mentioning it so maybe i’m misunderstanding.

        • Thief@lemmy.myserv.one
          link
          fedilink
          English
          arrow-up
          7
          ·
          1 year ago

          No its not really as bad as that at all. The disk space is linear in that way but disk space is cheap. All the rest is not taxed heavily by federation. Do the big costs like CPU dont scale up like that.

      • Valmond@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        I’m on it 😁, well at least one little instance more (just gotta make the email stuff work, over OVH if I can do that).

    • samsy@feddit.de
      link
      fedilink
      English
      arrow-up
      18
      arrow-down
      9
      ·
      1 year ago

      I cant believe this is just coincidence. This is coordinated.

  • grandkaiser@lemmy.world
    link
    fedilink
    English
    arrow-up
    85
    arrow-down
    2
    ·
    edit-2
    1 year ago

    Hi, professional DNS engineer here! if anyone has any questions about the inner workings of DNS or top level domains, ask away! (THIS IS MY MOMENT)

  • Rob T Firefly@lemmy.world
    link
    fedilink
    English
    arrow-up
    85
    arrow-down
    14
    ·
    1 year ago

    Link to the actual post OP screenshotted: https://very.bignutty.xyz/notes/9hf13it1ced3b2za

    Screenshots of text are not the way. The crappy “hey, a text thing I want to share, let me take an accessibility-poisoning screenshot and upload that graphic file like a psychopath instead of just copy/pasting either the link to the text or the text itself like a decent human being” routine needs to die with Reddit, we have to be better than that here.

    • phx@lemmy.ca
      link
      fedilink
      English
      arrow-up
      40
      arrow-down
      3
      ·
      1 year ago

      Screenshots of text preserve the state of the text at the time it was seen…

      Yes, it’s not good for accessibility but it’s a good way to quickly capture a moment in time.

      (I would recommend perhaps also copy/pasting a synopsis for people who might be vision impaired etc)

        • phx@lemmy.ca
          link
          fedilink
          English
          arrow-up
          4
          ·
          1 year ago

          That’s kinda what I was saying? Include the snapshot but also the original text body as a copy/paste for those using screen-readers or other such tools

      • Phlogiston@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        4
        ·
        1 year ago

        Also, modern tools are getting pretty good at dealing with text embedded in images. It isn’t ideal but this partially mitigates a large concern (accessibility). Rather than complaining about people taking screenshots maybe pressure should be placed on the screenshot tools, and image formats, to better capture the raw text exactly and embed it as extra data along with the image.

    • Jeena@jemmy.jeena.net
      link
      fedilink
      English
      arrow-up
      29
      arrow-down
      4
      ·
      1 year ago

      Screenshots stay with time, I hate it when I arrive a bit later and the link is already dead and I have no idea what it said.

      • Rob T Firefly@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        edit-2
        1 year ago

        So copy/paste the text, and link the original.

        In the case of this post, the ability to go to the original and learn the further info added by the author in subsequent posts is of use.

    • whoamibro@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      2
      ·
      1 year ago

      Accessibility should be enhanced to read text from image. Enduser shouldn’t care about how he should share an information. How hard is it to read a font from a text?

  • Aceticon@lemmy.world
    link
    fedilink
    English
    arrow-up
    70
    ·
    1 year ago

    It’s called a single-point of failure in Engineering.

    Funny enough it wasn’t even a technical one but a contractual one.

    Maybe there is some kind of lesson here on the risk of delegating critical structural elements to 3rd parties that rent rather than own that which they’re selling …

        • bionicjoey@lemmy.ca
          link
          fedilink
          English
          arrow-up
          13
          arrow-down
          1
          ·
          1 year ago

          The issue here isn’t the registrar though right? It’s that the TLD is being repossessed by the government of the country it’s meant to be associated with.

          • KubeRoot@discuss.tchncs.de
            link
            fedilink
            English
            arrow-up
            22
            ·
            1 year ago

            I think the point is that a reputable registrar wouldn’t sell domains like these in the first place… But I’m not saying that’s actually the case :/

            • bionicjoey@lemmy.ca
              link
              fedilink
              English
              arrow-up
              8
              arrow-down
              2
              ·
              1 year ago

              Governments are unpredictable. It’s not the registrar’s job to mitigate that unpredictability to their customers.

              • Corkyskog@sh.itjust.works
                link
                fedilink
                English
                arrow-up
                11
                ·
                1 year ago

                Idk, I feel like we’re only saying this because it’s Mali… If it were .US or .CN people would be like “well, duh”

                • bionicjoey@lemmy.ca
                  link
                  fedilink
                  English
                  arrow-up
                  9
                  arrow-down
                  1
                  ·
                  1 year ago

                  Every country gets to decide how tight of a grip they have on their TLD. Some sell it for some extra income (like Tuvalu) while others hang onto it for government or domestic use only

                • bill@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  7
                  ·
                  1 year ago

                  Not really. When you pay for .us domain you have it for a certain number of years. If the US tried to suddenly yank those back and violate the outstanding contracts for x number of years, there would most likely be lawsuits and an injunction from a federal judge blocking the action until there are hearings, etc. It would be a whole thing. If you simply couldn’t renew your .us domain anymore, that’s something you would know ahead of time and could plan for. It wouldn’t just vanish one day.

        • hypelightfly@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          ·
          1 year ago

          More like, it’s less sketchy if you pay for a domain at all. .ml was free, what did they think was going to happen?

      • Saik0@lemmy.saik0.com
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        Indeed… you never really purchase a domain. It’s definitely more of a lease. And that’s any tld.

    • miles@lemmy.world
      link
      fedilink
      English
      arrow-up
      19
      arrow-down
      1
      ·
      1 year ago

      It’s called a single-point of failure in Engineering.

      For that instance, yes. For the whole of Lemmy, no. Everything else keeps on chugging along.

      • Aceticon@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        1
        ·
        1 year ago

        Indeed.

        Imagine if this had happenned to a centralized system like Reddit…

        • Takumidesh@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          A centralized system wouldn’t have this problem since the only reason they can’t just use another domain name is because of refederation. A great example of this happening is piracy websites, which notoriously get shutdown only to pop up five minutes later with a new domain.

          This is actually a critical flaw IMO in federated applications as a whole. Not being able to change domain names makes your entire platform (as an instance runner) tightly coupled to the initial decision you make when first setting up the instance.

    • OutrageousUmpire@lemmy.world
      link
      fedilink
      English
      arrow-up
      54
      ·
      1 year ago

      Freenom gives away domains, many of which are used by phishers and other bad actors. Meta is suing them for not being responsive to their complaints about this. And I guess the injury inflicted on their users by phishers.

      • kratoz29@lemmy.world
        link
        fedilink
        English
        arrow-up
        21
        arrow-down
        1
        ·
        1 year ago

        Wait, is it actually Feeenom’s fault? Isn’t it from whatever the server the malicious actions comes from?

        For example I use one of their domains along with a Digital Ocean droplet, and I used it briefly to increase my seeding ratio by portforwarding my Qbittorrent port, after several months I got a letter from DO (which is amusing because my country couldn’t care less about torrenting lol) which I think is correct, I don’t think this is Feeenom’s fault.

        • orclev@lemmy.world
          link
          fedilink
          English
          arrow-up
          14
          ·
          1 year ago

          I’m assuming they’ve run afoul of something similar to the DMCA safe harbor provisions. Basically under the DMCA a hosting provider isn’t responsible for violations due to user submitted content as long as they’re responsive to notifications and remove the content quickly when notified.

          Now that applies to copyright not domain names, but I’m assuming there’s some kind of similar law at play. Meta has said that Freenom has been ignoring complaints about domains registered with them that are being used for phishing attacks. It could also be a DMCA issue because I think it does have some anti-domainsquating provisions in it that prevent you from E.G. registering say cocacola.ml as you aren’t the holder of that trademark.

          In theory depending on where Freenom is run out of they might be able to just ignore the lawsuit, but it’s probable that doing so will get them blocked by various ISPs and organizations.

          • kratoz29@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            Thanks for the explanation I think being Freenom a “free” entity they could care less about complaints, but let’s see hot this evolves then.

        • Aux@lemmy.world
          link
          fedilink
          English
          arrow-up
          11
          ·
          1 year ago

          Registrars not only have rights, but also responsibilities. They physically own the domain names and bear responsibility to ensure their domain names follow international rules.

      • zucky@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Meta? like the Facebook Meta? are there still Facebook phishing going on in 2023?

        with all the tracking and data they collect, they should’ve been able to tell who’s logging into whose account before they do any damage

    • gamer
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      I think that’s different because the .ml domain apparently was being given away for free by a registrar that wasn’t responding to abuse complaints, and thus was being heavily abused.

      …but if not, then holy shit what a mistake it was to register firstname@lastname.me as my primary email address.

  • shaked_coffee@feddit.it
    link
    fedilink
    English
    arrow-up
    39
    ·
    1 year ago

    I was using .ml domains for my selfhosted services, since it was just an hobby and I didn’t wanted to invest money on it. Apart from Freenom website being pretty unusable since I have memory, I’ve already had troubles renewing them last year and now they stopped working without any notice nor update from Freenom itself. Finally I decided to move to a payed domain from Infomaniak, since it’s been more than a year I’ve been selfhosting and $10/year is a fair price for me.

    But still without those free domains I wouldn’t probably ever started selfhosting, and I guess a lot of other people like me wouldn’t have experimented or spin up their projects if they had to pay for a domain from the beginning. So despite my hate for Freenom I guess I have to thank them and hope someone else (maybe a bit more “professional”) will take its place in the future

    • Corkyskog@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      11
      ·
      1 year ago

      The lawsuit points to a 2021 study (PDF) on the abuse of domains conducted by Interisle Consulting Group, which discovered that those ccTLDs operated by Freenom made up five of the Top Ten TLDs most abused by phishers.

      Umm… Can we talk about how a private company is suing another private company over something that should be in the interest of the government/general public? Where are our agencies, where is Interpol/Europol or ENISA?