This brings a disturbing thought to mind… if an instance domain name like foo.bar lapses and someone else snaps the domain up (or if it gets stolen) can the new controller plop Lemmy on a server and be instantly federated? If so what kind of damage could they do?
Welp that answers a lot of why all .ml are down
Submitted 1 year ago by BarterClub@sh.itjust.works to technology@lemmy.world
Comments
db2@lemmy.one 1 year ago
Wander@yiffit.net 1 year ago
No, the signatures wouldn’t match.
Saik0Shinigami@lemmy.saik0.com 1 year ago
That’s an assumption that lemmy will quit federating with a server that does not match.
And what signature are we talking about anyway? Is not certificates…
lolcatnip@reddthat.com 1 year ago
This is why you don’t let your domain registration lapse. It’s not the only way computers on the internet verify each other’s identity, but a hell of a lot of internet security features are based around domain names, so keeping yours functioning is a very big deal.
baascus@lemmy.world 1 year ago
Domain registration ≠ internet security. Root of trust is in cryptographic keys, not domains. DNS is not the security cornerstone you make it out to be. PKI says hi!
hemmes@lemmy.world 1 year ago
ICANN has an Expired Registration Recovery Policy (ERRP) that requires your registrar to give your domain a 30-day grace period before deleting the records. ERRP also requires them to shut down your DNS resolutions 8 days before deletion.
You’d have to be really mismanaging your domain if you miss all the required email reminders and don’t notice your domain has been non functional for a couple of days.
vagrantprodigy@lemmy.whynotdrs.org 1 year ago
Using .ml was stupid in the first place. No need to try to be a special snowflake by using a sketchy TLD.
Ddhuud@lemmynsfw.com 1 year ago
It’s one of the 5 TLD (now 4 I guess) that are free. The others being .tk, .ga, .cf and .gq
We need free TLDs.
vagrantprodigy@lemmy.whynotdrs.org 1 year ago
I’m aware. Using it for something like this is stupid.
gamer@lemm.ee 1 year ago
wow I didn’t even know that was a thing! This is useful to know, thanks :D
SuddenDownpour@lemmy.world 1 year ago
But- But- But the memes of a Marxist-Leninist instance!!1!
Widowmaker_Best_Girl@lemmy.world 1 year ago
Commies punching the air right now
icyjiub@lemmy.world 1 year ago
They should check if .cia is open if they want to switch over to something more fitting.
RFBurns@lemmy.world 1 year ago
I wonder if it was done on purpose after it came out that the Pentagon had typo’d “.ml” instead of ‘.mil’ and exposed a lot of sensitive emails…
100@lemm.ee 1 year ago
Highly doubtful much of anything majorly sensitive got leaked. Firstly even unclassified DoD emails are encrypted by default. Secondly anything classified isn’t even on a network that can talk to normal email, it’s either 100% point to point encrypted or on an airgapped network. If I hopped on SIPR (DoD Secret-level internet) and emailed a normal email address it simply wouldn’t work.
hitagi@ani.social 1 year ago
Out of curiosity, other than fmhy.ml, lemmy.ml, and lemmygrad.ml, what other Lemmy instances were using .ml domains? Also, how are the latter two still running but fmhy.ml isn’t?
NOT_RICK@lemmy.world 1 year ago
Why are so many instances using .ml anyway?
Ginjutsu@lemmy.world 1 year ago
AFAIK, lemmy.ml and lemmygrad.ml use it because the ml can also stand for “Marxist-Leninist”, and the two primary maintainers of Lemmy are Marxist-Leninists. Not sure about the others though.
sciawp@lemm.ee 1 year ago
I think it’s because ML is a popular shorthand for ‘Marxist-Leninist’ since they mostly seem to be communist servers
RagingNerdoholic@lemmy.ca 1 year ago
I’m guessing because it’s sort of an alliteration on lemmy?
hemmes@lemmy.world 1 year ago
I know a ton about DNS and its technical functionality, not necessarily the regulations guiding registrars, but the technician in me says your TTL (how long other servers wait until asking where xyz.ml points to) hasn’t expired, maybe? Perhaps the government administration process simply hasn’t executed any action against those particular registrars yet?
I never liked TLDs that are from random islands or less than stable countries and there are so many great TLDs available now, I simply don’t see the reason to use such obscure TLDs just for the marketing factor.
hitagi@ani.social 1 year ago
Thanks for answering. I figured it was a registrar thing. How bad do you think the situation will be for other .ml domains?
I’m guessing fmhy.ml was using Freenom but lemmy.ml and lemmy.ml were using a different domain registrar, hence the situation right now.
Gork@lemm.ee 1 year ago
I never liked TLDs that are from random islands
I remember reading somewhere that Tuvalu gets like 10% of their entire yearly income from Twitch.
I now pronounce Twitch as Twitch dot Tuvalu, but I get weird "huh?"s when I say it like that.
BarterClub@sh.itjust.works 1 year ago
You can see all but posts and comments won’t be on their server until back online that are a few it went down. So I can visit my communities like lemmy.fmhy.ml/c/artwork that I mod. I can see it but nothing will happen until it comes back online. That’s what I understand at least.
notintheface@feddit.nu 1 year ago
Man, hacking, DDOS and now this. The fediverse just can’t catch a break…
sebinspace@lemmy.world 1 year ago
Resiliency is the strongpoint.
If Reddit shuts down, all of Reddit dies.
Same with Facebook, YouTube, etc. Is that highly unlikely? Well, yeah, but still nonzero. The fediverse offers resiliency in this regard, and no one person has the ability to shut it down. Even if all instances decide to shut down, new instances can still be spun up.
Aux@lemmy.world 1 year ago
If the communities you like to read and post to are down, then Fediverse is effectively down for you. Thus it doesn’t offer any additional resilience, it’s not a P2P system.
Thief@lemmy.myserv.one 1 year ago
Would help if users spread out over all the running servers because problem is just a few lemmy servers have all the users. For example the instance I run would be a simple proxy to use for all the content and then would mitigate issues when a big server had problems since just parts of the fediverse would be affected from the users pov.
null@slrpnk.net 1 year ago
I feel like communities are the bigger problem here. And not one that’s easily solved.
If users from multiple instances come together in communities, those communities are still centralized on a single server. So if something happens to that server, or if your instance defederates with it, the whole community goes with it.
The alternative would be to have tons of duplicate communities spread over many instances, but that’s a bad user experience.
Buddahriffic@lemmy.world 1 year ago
At this stage in the game, I’m not even sure how to evaluate the trustworthiness of instances. Which also applies to the one I’m currently on. I’d like to assume everything is good, but admins do have power that can be abused, like visibility of IP addresses, access to accounts, access to passwords (reusing passwords is bad but especially don’t do it here and certainly don’t use the same password for your email associated with your account).
Facebook abused those powers (zuck even bragged about being able to see everyone’s passwords, emails, private messages, pictures), so did Reddit (though more with shadow banning or quietly removing/restoring posts).
Fediverse instances are just run by random people as far as I can tell. I’m sure there’s some that should absolutely be avoided and I’m sure that there’s some that are perfectly fine. But I don’t have a clue how to determine which list about specific instance is in, otherwise I’d love to join someone’s small instance.
Cyyy@lemmy.world 1 year ago
the problem is most users fear that if they choose a small instance, that it goes down random more likely and their account and everything else is gone. if you choose a bigger instance it feels less likely that the admin of the instance just says fuck it and kills the server random for whatever reason.
as long as accounts can’t be easily transferred and are maybe even safe somehow without their instance, people will choose the instance that feels the most secure to them. and when i looked at the available instances… most looked not really long term secure. most did look like they are random ideas of people and they could vanish any second into the void. so i as an example did choose lemmy.world. seemed the most safe option with the best features (nsfw allowed, a lot of users and a big instance)
iraldir@lemmy.world 1 year ago
Does that really scale though? The load on a server is not dependent on the number of users, but on the number of communities from other servers that the sum of users is subscribing to.
Which means if you have a server for 100 users, you still need to pay for the 1000s giant communities that those users are subscribing to, as they are being copied over in your server.
So if you have a few mega server like Lemmy.world, they each pay say 10000£ in hosting a month (number taken out of my hat), which is fine because they have as many users that can contribute to it financially ( via donations, ads etc.). But small servers won’t be able to support that load and will ultimately close.
That sounds like a design flaw if you ask me but i did not see anyone mentioning it so maybe i’m misunderstanding.
Valmond@lemmy.world 1 year ago
I’m on it 😁, well at least one little instance more (just gotta make the email stuff work, over OVH if I can do that).
samsy@feddit.de 1 year ago
I can’t believe this is just coincidence. This is coordinated.
skillissuer@lemmy.world 1 year ago
and that’s just the first month
MrMonkey@lemm.ee 1 year ago
lemmygrad.ml and lemmy.ml are gone? So sad.
Anyway.
Aldrond@lemmy.world 1 year ago
Unfortunately, it seems the tankies are gonna tank right on (over the bodies of students).
kworpy@lemm.ee 1 year ago
Best comment
AndreTelevise@lemmy.world 1 year ago
both are up, but fmhy is down, maybe forever
CthulhuOnIce@sh.itjust.works 1 year ago
both are still up, but fmhy.ml is down
macrocephalic@lemmy.world 1 year ago
Fmhy.ml is also gone.
rob_t_firefly@lemmy.world 1 year ago
Link to the actual post OP screenshotted: very.bignutty.xyz/notes/9hf13it1ced3b2za
Screenshots of text are not the way. The crappy “hey, a text thing I want to share, let me take an accessibility-poisoning screenshot and upload that graphic file like a psychopath instead of just copy/pasting either the link to the text or the text itself like a decent human being” routine needs to die with Reddit, we have to be better than that here.
phx@lemmy.ca 1 year ago
Screenshots of text preserve the state of the text at the time it was seen…
Yes, it’s not good for accessibility but it’s a good way to quickly capture a moment in time.
(I would recommend perhaps also copy/pasting a synopsis for people who might be vision impaired etc)
rob_t_firefly@lemmy.world 1 year ago
So copy/paste the text, and link to the original.
Phlogiston@lemmy.world 1 year ago
Also, modern tools are getting pretty good at dealing with text embedded in images. It isn’t ideal but this partially mitigates a large concern (accessibility). Rather than complaining about people taking screenshots maybe pressure should be placed on the screenshot tools, and image formats, to better capture the raw text exactly and embed it as extra data along with the image.
TheSpookiestUser@lemmy.world 1 year ago
At the least, put the screenshot and the link in the post. We can do both, people.
shashi154263@lemmy.world 1 year ago
Yeah, this is the correct way, because posts often become inaccessible.
jeena@jemmy.jeena.net 1 year ago
Screenshots stay with time, I hate it when I arrive a bit later and the link is already dead and I have no idea what it said.
Cyyy@lemmy.world 1 year ago
…except when the image hoster suddenly dies and 10000s of Screenshots suddenly vanish from the internet and all howto’s etc are killed by it
ramjambamalam@lemmy.ca 1 year ago
If you can post an image, you can post text, right?
hypelightfly@lemmy.world 1 year ago
Copy/pasted text stays with time too and doesn’t have the issues that pictures of text do. Also hosted images disappear all the time.
mob@lemmy.world 1 year ago
[deleted]
rob_t_firefly@lemmy.world 1 year ago
So copy/paste the text, and link the original.
Imgonnatrythis@lemmy.world 1 year ago
Yeah, it’s 2023, just take a video of your screen and upload that like the kids all do now.
whoamibro@lemmy.world 1 year ago
Accessibility should be enhanced to read text from image. Enduser shouldn’t care about how he should share an information. How hard is it to read a font from a text?
condenser@lemdro.id 1 year ago
How hard is it to read a font from a text?
My man, you just don’t know how crappy OCR can be with non-latin alphabet writing systems, especially Chinese characters.
If the source is already in text (perfectly accessible), why should we make an image out of it? That’s like saying let’s email a document, but instead of the original doc file, let’s print them out, scan, and then send the pdf of those images instead.
astral_avocado@programming.dev 1 year ago
Yeah that’s not gonna happen
Aceticon@lemmy.world 1 year ago
It’s called a single-point of failure in Engineering.
Funny enough it wasn’t even a technical one but a contractual one.
Maybe there is some kind of lesson here on the risk of delegating critical structural elements to 3rd parties that rent rather than own that which they’re selling …
bionicjoey@lemmy.ca 1 year ago
Unfortunately that has always been the nature of TLDs
lohrun@fediverse.boo 1 year ago
It’s less sketchy if you pay for a domain through a reputable registrar
Saik0Shinigami@lemmy.saik0.com 1 year ago
Indeed… you never really purchase a domain. It’s definitely more of a lease. And that’s any tld.
miles@lemmy.world 1 year ago
It’s called a single-point of failure in Engineering.
For that instance, yes. For the whole of Lemmy, no. Everything else keeps on chugging along.
Willer@lemmy.world 1 year ago
I think it’s called “redundancy L”
grandkaiser@lemmy.world 1 year ago
Hi, professional DNS engineer here! if anyone has any questions about the inner workings of DNS or top level domains, ask away!
salient_one@lemmy.villa-straylight.social 1 year ago
What’s the point of alternative DNS roots? Can they be a thing to mitigate DNS related failures (though lemmy.ml is back online, so I guess that wasn’t it)?
jmanjones@lemmy.world 1 year ago
When I was taking my cyber security / ethical hacking class, we learned how to do zone transfer. The concept never stuck and I basically “copy” from my friend. So what exactly is a DNS Zone Transfer?
Mikina@programming.dev 1 year ago
Why is Meta suing Freenom?
BrownianMotion@lemmy.world 1 year ago
It was quite hard to find any information on this, so I will post what I found.
tech.slashdot.org/…/phishing-domains-tanked-after…
That second link is less relevant but interesting.
A_A@lemmy.world 1 year ago
Visited lemmy.ml : it is on.
When was it down?
shaked_coffee@feddit.it 1 year ago
I was using .ml domains for my selfhosted services, since it was just a hobby and I didn’t want to invest money in it. Apart from Freenom website being pretty unusable since I have memory, I’ve already had troubles renewing them last year and now they stopped working without any notice nor update from Freenom itself. Finally I decided to move to a paid domain from Infomaniak, since it’s been more than a year I’ve been selfhosting and $10/year is a fair price for me.
But still without those free domains I probably wouldn’t ever have started selfhosting, and I guess a lot of other people like me wouldn’t have experimented or spun up their projects if they had to pay for a domain from the beginning. So despite my hate for Freenom I guess I have to thank them and hope someone else (maybe a bit more “professional”) will take its place in the future
Catasaur@lemmy.catasaur.xyz 1 year ago
A lot of people should be concerned about this for .me domains as well (Montenegro)
kaito@lemmy.world 1 year ago
Personally I think more people should be aware of the evil company that is Freenom. (Not saying Meta is not evil.)
Or at least the people that unwittingly transact with them and give them attention / money.
const_void@lemmy.world 1 year ago
Why was .ml selected to begin with?
kratoz29@lemmy.world 1 year ago
Why is Meta suing Freenom?
CMahaff@lemmy.world 1 year ago
FYI I have made a tool that can backup / copy your account settings, subscriptions, and blocks to a new account: github.com/CMahaff/lasim
There are others out there as well if you look.
Obviously the loss of .ml communities would still be catastrophic to Lemmy, but at least your new account won’t start from ground-zero, and you can be less affected by downtime by having 2 accounts with the same subscriptions.
LordShrek@lemmy.world 1 year ago
this is why instances should be abstracted away as underlying infrastructure and the users don’t have to think about “instances”. accounts and communities are replicated across servers.
Gamey@lemmy.world 1 year ago
The domain bs is an interesting case of scummy practices in general, .tv was misused in a similar way with awful contracts, essentially scamming an already incredibly poor country!
RagingNerdoholic@lemmy.ca 1 year ago
I can understand why refederation needs to be done manually, but I’m confused as to why transferring users and histories is a maybe. Web and database hosting are mutually exclusive from domain hosting/registration.
teydam@lemmy.world 1 year ago
.ml was a terrible name anyways. People just kept saying everyone was a tankie whether or not true. Not the image that’s going to help you grow or your ideological goals imo
Bombastic@sopuli.xyz 1 year ago
Is this because of the DoD typo leaks? Lol
httpjames@sh.itjust.works 1 year ago
I don’t understand why they went with free domains in the first place. Freenom is known for being unreliable.
blockhouse@lemmy.world 1 year ago
The Mali government taking control of the .ml tld probably has something to do with the fact that hundreds of thousands of US military emails have been accidentally sent to Mali by users who type .ml instead of .mil in the address field.
Jmr@lemmy.world 1 year ago
This is why I have a .org.
ieightpi@lemmy.world 1 year ago
I’m confused. ml doesn’t seem to be down anymore.
lemmyshmemmy@lemmy.world 1 year ago
Maybe they can help us out and take down Lemmygrad while they’re at it
ZodiacSF1969@lemmy.world 1 year ago
Couldn’t have happened to a worse bunch of people lol
drmoose@lemmy.world 1 year ago
the argument for .ml domain has always been absurd to begin with. So it’s free but the price you pay is that it’s being run by Mali. I’d just drop 8$/year tbh, that’s not a hill you want to die for. Also you harm your project by being SEO punished for using spam-associated TLDs like this. One of the reasons original Lemmy took so long to adopt until Reddit’s API drama. Pretty dumb ngl.
Wispy2891@lemmy.world 1 year ago
If i remember right it was also “free to register but insanely expensive to renew once they start to see traffic”
steltek@lemm.ee 1 year ago
Renewal costs are my primary consideration when picking domains. Subscription fees are how your money disappears when you’re not looking.