An update:
- fmhy.ml is gone, due to the ongoing fiasco with mali government taking all their .ml domains back
- As such, lemmy.fmhy.ml is also gone, we are currently exploring ways to refederate (or somehow restart federation entirely) without breaking anything substantial
- We have backups, so don't worry about data loss (you can view them on other instances anyway)
Currently, we have fmhy.net and are exploring options to somehow migrate, thank you for your patience.
An update:
fmhy.ml is gone, due to the ongoing fiasco with mali government taking all their .ml domains back
As such, lemmy.fmhy.ml is also gone, we are currently exploring ways to refederate (or somehow restart federation entirely) without breaking anything substantial
We have backups, so don’t worry about data loss (you can view them on other instances anyway)
Currently, we have fmhy.net and are exploring options to somehow migrate, thank you for your patience.
I initially started on Lemmy.ml but decided to look for smaller instances. Not only just to be safe for stuff like this, but also to find a tighter community. I found an instance dedicated to the area I grew up around and have been really happy with that move.
Does this have anything to do with the whole email thing from the American military? According to the financial times, there are about 117.000 emails send to .ML addresses instead of .MIL…
Somewhat related. Basically, the management of the .ml TLD are being handed back to Mali government, and they seem to revoking.ml domains left and right.
I suspect they’re revoking registration for .ml domains that was registered for free. the company that originally managed .ml domains had a free domain offers where you could register any .ml domain for free, the caveat is you don’t have the ownership right to that free domain. Maybe Mali government doesn’t honor such free domain registration and wish to revoke them all.
There was a report in the beginning of June that things started looking weird. The registration of new .ml domains shut down in the beginning of the year.
In short, the Mali government just gave some random 3rd party a ten-year contract to hand out the domains for free, which the third party did without too much care or attention. It would have been up to the third party to notify domain owners, but as they’re not paying and probably don’t even have contracts themselves, there was little incentive to do so.
As far as I can understand, it relates to the US military scandal only indirectly: As the .ml domains are now returning to the government of Mali, it becomes a lot more problematic that the US keep directing their emails there, and the person in charge of managing the domain went public about the security threat.
I understand it as the Mali government is taking back all the domains after a subletting contract ran out. A lot of sensitive emails that should go to .mil (US military) has been typo-sent to .ml-addresses instead. Here’s some more reading.
(I am very tired here and might have misunderstood everything, please correct me if I am wrong)
Perhaps the military should have a system in place to not allow emails to be sent outside of very specific TLDs if it’s that sensitive? And perhaps have an automated contact book, instead of relying on someone typing out the to: address manually to be able to make that mistake in the first place?
Seems like some very basic security measures for something so serious.
For most situations, there is a global address list that members can use. There are instances where emails need to be sent outside of the .mil domain though, such as to other government agencies that use a .gov, or to contractors on commercial domains, as well as to partner nations that will be on their own countries’ domains.
Yeah that’s super easy to integrate. I used to work in cyber security for a bank and even I was only allowed to send to internal domains initially. I had to file for exceptions for contractors and vendors and stuff.
From that point of view, yes. That’d mess things up, you’re right. But from my understanding, they won’t lose any data, accounts will remain, as well as subscriptions that lemmy.ml users have. Or am I wrong?
The problem is, if they don’t have access to their original .ml domain, their accounts are still tied to it. That means if they try to interact, such as subscribing to a community, when the data for that action tries to be sent back (such as updates) it’ll go to the .ml domain, which they wouldn’t receive.
Lemmy doesn’t have a built in way to just change the domain name, or really any of the ActivityPub services AFAIK. You’d have to either really do some hacky stuff to get around it (which could result in unknown issues down the line) or reset everything.
Most of the hacky ways around it involve retaining ownership of the old domain and leaving it up indefinitely as a pointer to the new location. If your domain is taken from you though there is not much you can do.
Seriously dumb to have used this TLD considering there are a ton of choices these days.
Right. This will basically make nearly every /c live in .world as all of the .ml /c’s go defunct. That, or Beehaw, which is walled off from everyone else.
(Side note… my work’s firewalls block everything *.ml – and that’s the only thing that saved me from creating my account there)
deploying the fediverse instances-instance communication on top of a mesh-net like yggdrasil, using their addresses as domain names, may be a quick fix without having to change the paradigm
Currently, activitypub identity is tied to domain name. Mastodon support migration as long as the old domain is still up during the migration process, but AFAIK Lemmy doesn’t even have a process to migrate an instance to a new domain yet.
Someone should tell Lemmy devs and send them a crate of coffee because it’ll be a race to implement domain migration before all .ml domains got shut down.
Good thing join-lemmy is safely tucked away in a .org domain.
This is extremely bad timing for Lemmy (if it ends up happening), but also a good example of how federation makes the entire social media landscape more robust. Had this happened to a centralized service it would be devastating.
If it was always going to happen, now isn’t really a bad time. Sure, a month ago would have been better, but people still haven’t been here that long. If I wind up needing to migrate, and lose my current account, oh well. No big loss. I imagine others feel similar.
I was frustrated with the outage yesterday and created a new account on a different instance so I could still browse. Couple hours later I had all my subscriptions filled out and the experience is almost identical to my first account.
Not really. Most centralized services are accessible via multiple domains, e.g. for different countries. This would just disable one of them, but users could still use another to log into their accounts. For the Fediverse it “disables” an entire instance, cuts it off from federation and locks out users.
Lets not put a positive spin on a situation that exposes a weakness of the current system. The federation protocol needs to be able to handle these things gracefully, like propagating domain changes and migrating accounts between instances!
I’m now wondering what happens if the Mali government (or someone else) begins using those domains with their own lemmy instance, potentially with malicious content.
Would the instances they’ve federated with begin ingesting and serving that content automatically? Or would that be blocked due to key mismatch?
Afaik it is all connected to the domain name, so they could definitely start to impersonate any .ml instance. Other instances could detect that the signing key for federation messages changed, but that’s about it. Their admins would probably have to block/defederate them manually.
lemmy.ml is still up as of right now. Possibly they contracted a subscription to the domain name to keep it up. They had to do something to retain it otherwise the site would be unreachable. If lemmy.ml does have to change names it will be a hassle since I’ve got a good number of community subscriptions there.
This wouldn’t happen to an instance with a regularly subscribed domain name. Problem is the .ml domains were free and the associated country decided to claim them back. The risk of using a free top level domain is something that should have been considered. I don’t think it’s worth the risk versus the cost savings considering how difficult it is to migrate a Lemmy instance.
Currently, activitypub identity is tied to domain name. While mastodon support migration as long as the old domain is still up during the migration process, AFAIK Lemmy doesn’t even have a process to migrate an instance to a new domain yet.
So basically, if you switch your instance domain, you’ll mess up all your federation network, unless Lemmy devs implement a solution soon.
Never hurts. Could be a good opportunity to look around the threadiverse and see if you find anything interesting.
However, as it only affects the domain, I expect the Lemmy developers will manage to migrate user data to the new domain should lemmy.ml go down. So your account won’t just disappear, but it might go down for a while. It might also affect communities hosted on .ml domains, as followers from other instances will not have the correct path any more.
Yeah, they are actively working on functionality to migrate user accounts and other data between instances, so that they can use that functionality to migrate everything on an instance to another instance.
Since migrating data affects all the replicated data on other instances as well, I guess when they migrate lemmy.ml somewhere else, all of Lemmy will be down for a day or two, being just overloaded with all the migration stuff.
This is why we host our instance on a .org. Honestly another huge blow for Lemmy. It doesn’t really inspire confidence in the platform. Hopefully after enough time passes smaller instances like us and the bigger ones left will have help up a good track record to inspire confidence again.
This isn’t really that huge of a blow, it’s a learning curve sure but just because some people made dumb decisions on what TLD to use based on something they decided it means (and backtracked to say they chose it because it was free, I know) doesn’t mean federated platforms don’t work. Actually imo it points to the strength of federation that we can still be here using lemmy on our instances while they switch.
All this really did was teach instance owners (who this might be their first experience hosting things too btw) that you have to use a TLD that is more stable like a .org, .com, .net, etc over a “free” one, and this is afaik the first instance of something like this happening, so honestly they didn’t have precedent to base this on before.
By no means did i mean that federated platform’s wont work, far from it. Im more considering the reputational damage of the platform. For me all the .ml instances unresolvable. And it doesn’t look good when the “official” instance is lost. If i were an outsider considering moving to lemmy and i saw vlemmy disappear, lemmy world get hacked, and .ml loosing their domains id be pretty hesitant on making the switch. Thats where i sit for the moment. Lets all hope we can get a good track record going now.
It was good while it lasted and they managed to keep it going longer than my first instance (two days)
Not all instances are created equal however one I tried to sign upto their email verification didn’t work and others just didn’t bother to activate my account for whatever the reason.
But they only took the domain name, not the server? So it should be no issue to just get another domain, change a bit of config on the system and web server, and be up and running in no time?
Not that easily, no. With ActivityPub your user ID is tied to the instance URL. If you subscribe to a community for example, when that community tries to “honor” your subscription by sending you updates of what is happening, it’ll go to that .ml domain and be lost.
There’s no official supported way to change your instance domain other than to start fresh. They might be able to do something hacky such as change all of the domains in the database and while locally that might appear to work, I don’t know if it would work across the federation.
I do know on the instance I run, I accidentally broke the webserver config for one of the ActivityPub endpoints and the result was that when I sent out comments, it never actually got federated / published yet I can still see them from my instance. New subscriptions also didn’t work. It was as if I effectively shadow-banned the instance by accident.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
A community to talk about the Fediverse and all it’s related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to [email protected]!
Rules
Posts must be on topic.
Be respectful of others.
Cite the sources used for graphs and other statistics.
I initially started on Lemmy.ml but decided to look for smaller instances. Not only just to be safe for stuff like this, but also to find a tighter community. I found an instance dedicated to the area I grew up around and have been really happy with that move.
What about lemmy.ml? Can govt just take their domain?
I think in theory yes, since the .ml tld is now managed by the Mali government instead of some guy that had an agreement with them.
Does this have anything to do with the whole email thing from the American military? According to the financial times, there are about 117.000 emails send to .ML addresses instead of .MIL…
Translated page: https://tweakers-net.translate.goog/nieuws/211828/nederlander-die-ml-voor-mali-beheert-kreeg-duizenden-e-mails-amerikaanse-leger.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp
Somewhat related. Basically, the management of the .ml TLD are being handed back to Mali government, and they seem to revoking.ml domains left and right.
I suspect they’re revoking registration for .ml domains that was registered for free. the company that originally managed .ml domains had a free domain offers where you could register any .ml domain for free, the caveat is you don’t have the ownership right to that free domain. Maybe Mali government doesn’t honor such free domain registration and wish to revoke them all.
deleted by creator
If this was a planned takeover by the government, why was there no notification sent in time? Why is lemmy.ml not shut down in parallel?
There was a report in the beginning of June that things started looking weird. The registration of new .ml domains shut down in the beginning of the year.
In short, the Mali government just gave some random 3rd party a ten-year contract to hand out the domains for free, which the third party did without too much care or attention. It would have been up to the third party to notify domain owners, but as they’re not paying and probably don’t even have contracts themselves, there was little incentive to do so.
As far as I can understand, it relates to the US military scandal only indirectly: As the .ml domains are now returning to the government of Mali, it becomes a lot more problematic that the US keep directing their emails there, and the person in charge of managing the domain went public about the security threat.
WIll this also affect all other .ml domains? Or is this some anti-piracy thing? (I don’t know fmhy, but from the name I guess it’s about piracy.)
I understand it as the Mali government is taking back all the domains after a subletting contract ran out. A lot of sensitive emails that should go to .mil (US military) has been typo-sent to .ml-addresses instead. Here’s some more reading.
(I am very tired here and might have misunderstood everything, please correct me if I am wrong)
Perhaps the military should have a system in place to not allow emails to be sent outside of very specific TLDs if it’s that sensitive? And perhaps have an automated contact book, instead of relying on someone typing out the to: address manually to be able to make that mistake in the first place?
Seems like some very basic security measures for something so serious.
Internally they do block that but the problem are people outside the network sending something to a .mil address and mistyping.
This says that they block outgoing mail to .ml domains from its network.
https://domainincite.com/28897-freenom-is-losing-another-cctld-after-collecting-military-emails
Edit: wrong link
For most situations, there is a global address list that members can use. There are instances where emails need to be sent outside of the .mil domain though, such as to other government agencies that use a .gov, or to contractors on commercial domains, as well as to partner nations that will be on their own countries’ domains.
Yeah that’s super easy to integrate. I used to work in cyber security for a bank and even I was only allowed to send to internal domains initially. I had to file for exceptions for contractors and vendors and stuff.
It seems to be Mali just wanting their domains back, in which case it’s uncertain times for all .ml domains.
removed by mod
It’s just the domain, though. That’s not a big deal to change.
Federation connections are by domain name, so … it is a big deal
From that point of view, yes. That’d mess things up, you’re right. But from my understanding, they won’t lose any data, accounts will remain, as well as subscriptions that lemmy.ml users have. Or am I wrong?
The problem is, if they don’t have access to their original
.mldomain, their accounts are still tied to it. That means if they try to interact, such as subscribing to a community, when the data for that action tries to be sent back (such as updates) it’ll go to the.mldomain, which they wouldn’t receive.Lemmy doesn’t have a built in way to just change the domain name, or really any of the ActivityPub services AFAIK. You’d have to either really do some hacky stuff to get around it (which could result in unknown issues down the line) or reset everything.
Most of the hacky ways around it involve retaining ownership of the old domain and leaving it up indefinitely as a pointer to the new location. If your domain is taken from you though there is not much you can do.
Seriously dumb to have used this TLD considering there are a ton of choices these days.
Oh, it’s more complex than I expected. Thanks for explaining. I was wrong.
Right. This will basically make nearly every /c live in .world as all of the .ml /c’s go defunct. That, or Beehaw, which is walled off from everyone else.
(Side note… my work’s firewalls block everything *.ml – and that’s the only thing that saved me from creating my account there)
deploying the fediverse instances-instance communication on top of a mesh-net like yggdrasil, using their addresses as domain names, may be a quick fix without having to change the paradigm
Currently, activitypub identity is tied to domain name. Mastodon support migration as long as the old domain is still up during the migration process, but AFAIK Lemmy doesn’t even have a process to migrate an instance to a new domain yet.
Someone should tell Lemmy devs and send them a crate of coffee because it’ll be a race to implement domain migration before all .ml domains got shut down.
Think about all the links to lemmy.ml
The instance is known by its domain name in the federation network. If that domain name changes, it’s like starting a new instance from scratch.
Sounds like a complicated project to migrate communities and posts and users to a new instance without breaking something.
Good thing join-lemmy is safely tucked away in a .org domain.
This is extremely bad timing for Lemmy (if it ends up happening), but also a good example of how federation makes the entire social media landscape more robust. Had this happened to a centralized service it would be devastating.
If it was always going to happen, now isn’t really a bad time. Sure, a month ago would have been better, but people still haven’t been here that long. If I wind up needing to migrate, and lose my current account, oh well. No big loss. I imagine others feel similar.
I was frustrated with the outage yesterday and created a new account on a different instance so I could still browse. Couple hours later I had all my subscriptions filled out and the experience is almost identical to my first account.
Not really. Most centralized services are accessible via multiple domains, e.g. for different countries. This would just disable one of them, but users could still use another to log into their accounts. For the Fediverse it “disables” an entire instance, cuts it off from federation and locks out users.
Lets not put a positive spin on a situation that exposes a weakness of the current system. The federation protocol needs to be able to handle these things gracefully, like propagating domain changes and migrating accounts between instances!
I’m now wondering what happens if the Mali government (or someone else) begins using those domains with their own lemmy instance, potentially with malicious content.
Would the instances they’ve federated with begin ingesting and serving that content automatically? Or would that be blocked due to key mismatch?
Afaik it is all connected to the domain name, so they could definitely start to impersonate any .ml instance. Other instances could detect that the signing key for federation messages changed, but that’s about it. Their admins would probably have to block/defederate them manually.
I think they need the private key for the https certificate to do that
lemmy.ml is still up as of right now. Possibly they contracted a subscription to the domain name to keep it up. They had to do something to retain it otherwise the site would be unreachable. If lemmy.ml does have to change names it will be a hassle since I’ve got a good number of community subscriptions there.
This wouldn’t happen to an instance with a regularly subscribed domain name. Problem is the .ml domains were free and the associated country decided to claim them back. The risk of using a free top level domain is something that should have been considered. I don’t think it’s worth the risk versus the cost savings considering how difficult it is to migrate a Lemmy instance.
Shall I make an account in another instance?
I’ve migrated from fmhy to feddit.uk, luckily my subscriptions were on a cached web page soon was able to manually re-subscribe.
Nope. Domains don’t store data. They can change domain and keep all the data.
Unfortunately, no.
Currently, activitypub identity is tied to domain name. While mastodon support migration as long as the old domain is still up during the migration process, AFAIK Lemmy doesn’t even have a process to migrate an instance to a new domain yet.
So basically, if you switch your instance domain, you’ll mess up all your federation network, unless Lemmy devs implement a solution soon.
Calckey.social will be transferring all data to new firefish.social, first in the Fediverse.
Never hurts. Could be a good opportunity to look around the threadiverse and see if you find anything interesting.
However, as it only affects the domain, I expect the Lemmy developers will manage to migrate user data to the new domain should lemmy.ml go down. So your account won’t just disappear, but it might go down for a while. It might also affect communities hosted on .ml domains, as followers from other instances will not have the correct path any more.
Thanks for the info.
Yeah, they are actively working on functionality to migrate user accounts and other data between instances, so that they can use that functionality to migrate everything on an instance to another instance.
Since migrating data affects all the replicated data on other instances as well, I guess when they migrate lemmy.ml somewhere else, all of Lemmy will be down for a day or two, being just overloaded with all the migration stuff.
I’ve been seeing posts from users on lemmy.ml though? How’s that possible
They are probably paying for the domain
have fmhy not paying for theirs?
I’d like to think FMHY was true to their name and didn’t pay for the domain.
No, that is the crux of the matter. They used freedom, which offered .ml for free.
No idea… Sorry
This is why we host our instance on a .org. Honestly another huge blow for Lemmy. It doesn’t really inspire confidence in the platform. Hopefully after enough time passes smaller instances like us and the bigger ones left will have help up a good track record to inspire confidence again.
This isn’t really that huge of a blow, it’s a learning curve sure but just because some people made dumb decisions on what TLD to use based on something they decided it means (and backtracked to say they chose it because it was free, I know) doesn’t mean federated platforms don’t work. Actually imo it points to the strength of federation that we can still be here using lemmy on our instances while they switch.
All this really did was teach instance owners (who this might be their first experience hosting things too btw) that you have to use a TLD that is more stable like a .org, .com, .net, etc over a “free” one, and this is afaik the first instance of something like this happening, so honestly they didn’t have precedent to base this on before.
By no means did i mean that federated platform’s wont work, far from it. Im more considering the reputational damage of the platform. For me all the .ml instances unresolvable. And it doesn’t look good when the “official” instance is lost. If i were an outsider considering moving to lemmy and i saw vlemmy disappear, lemmy world get hacked, and .ml loosing their domains id be pretty hesitant on making the switch. Thats where i sit for the moment. Lets all hope we can get a good track record going now.
Lemmy has had such a crazy month and a half. Insane growth, XSS injections, DDOS attacks, admin takeover, domain name seizures. What a wild ride
That’s how every service starts. Let’s keep going
Facts. And such drama does make Lemmy more appealing in a way
and still better than using official Reddit app (and still better than Reddit overall) lol
What’s this about an admin takeover?
I think they are referring to this
oh, the XSS injection? I thought it would be some admins fighting over who owned the instance or something like that lol
Welcome to the real world
And we’re still here, going strong. Long live the Fediverse.
My boy Lemmy is growing up!
I hope FMHY comes back. Didn’t realise how much I liked it until it was gone.
I’m happy with the app because I would get suspicious every time the link changes again… pffff
Is there some news coverage on the mali governments actions? I couldn’t find anything on my quick google search
https://domainincite.com/28897-freenom-is-losing-another-cctld-after-collecting-military-emails
It was good while it lasted and they managed to keep it going longer than my first instance (two days)
Not all instances are created equal however one I tried to sign upto their email verification didn’t work and others just didn’t bother to activate my account for whatever the reason.
Happy to see your on shitjustworks now, it’s a solid one
But they only took the domain name, not the server? So it should be no issue to just get another domain, change a bit of config on the system and web server, and be up and running in no time?
Sure, but depending on which timezone they are in, it could be nighttime for them
Not that easily, no. With ActivityPub your user ID is tied to the instance URL. If you subscribe to a community for example, when that community tries to “honor” your subscription by sending you updates of what is happening, it’ll go to that
.mldomain and be lost.There’s no official supported way to change your instance domain other than to start fresh. They might be able to do something hacky such as change all of the domains in the database and while locally that might appear to work, I don’t know if it would work across the federation.
I do know on the instance I run, I accidentally broke the webserver config for one of the ActivityPub endpoints and the result was that when I sent out comments, it never actually got federated / published yet I can still see them from my instance. New subscriptions also didn’t work. It was as if I effectively shadow-banned the instance by accident.
Good timing for Reddit …. Wait….
What happens when it goes down, will all of the posts be gone?