An update:
- fmhy.ml is gone, due to the ongoing fiasco with mali government taking all their .ml domains back
- As such, lemmy.fmhy.ml is also gone, we are currently exploring ways to refederate (or somehow restart federation entirely) without breaking anything substantial
- We have backups, so don't worry about data loss (you can view them on other instances anyway)
Currently, we have fmhy.net and are exploring options to somehow migrate, thank you for your patience.
An update:
fmhy.ml is gone, due to the ongoing fiasco with mali government taking all their .ml domains back
As such, lemmy.fmhy.ml is also gone, we are currently exploring ways to refederate (or somehow restart federation entirely) without breaking anything substantial
We have backups, so don’t worry about data loss (you can view them on other instances anyway)
Currently, we have fmhy.net and are exploring options to somehow migrate, thank you for your patience.
It was good while it lasted and they managed to keep it going longer than my first instance (two days)
Not all instances are created equal however one I tried to sign upto their email verification didn’t work and others just didn’t bother to activate my account for whatever the reason.
Does this have anything to do with the whole email thing from the American military? According to the financial times, there are about 117.000 emails send to .ML addresses instead of .MIL…
Somewhat related. Basically, the management of the .ml TLD are being handed back to Mali government, and they seem to revoking.ml domains left and right.
I suspect they’re revoking registration for .ml domains that was registered for free. the company that originally managed .ml domains had a free domain offers where you could register any .ml domain for free, the caveat is you don’t have the ownership right to that free domain. Maybe Mali government doesn’t honor such free domain registration and wish to revoke them all.
There was a report in the beginning of June that things started looking weird. The registration of new .ml domains shut down in the beginning of the year.
In short, the Mali government just gave some random 3rd party a ten-year contract to hand out the domains for free, which the third party did without too much care or attention. It would have been up to the third party to notify domain owners, but as they’re not paying and probably don’t even have contracts themselves, there was little incentive to do so.
As far as I can understand, it relates to the US military scandal only indirectly: As the .ml domains are now returning to the government of Mali, it becomes a lot more problematic that the US keep directing their emails there, and the person in charge of managing the domain went public about the security threat.
I understand it as the Mali government is taking back all the domains after a subletting contract ran out. A lot of sensitive emails that should go to .mil (US military) has been typo-sent to .ml-addresses instead. Here’s some more reading.
(I am very tired here and might have misunderstood everything, please correct me if I am wrong)
Perhaps the military should have a system in place to not allow emails to be sent outside of very specific TLDs if it’s that sensitive? And perhaps have an automated contact book, instead of relying on someone typing out the to: address manually to be able to make that mistake in the first place?
Seems like some very basic security measures for something so serious.
For most situations, there is a global address list that members can use. There are instances where emails need to be sent outside of the .mil domain though, such as to other government agencies that use a .gov, or to contractors on commercial domains, as well as to partner nations that will be on their own countries’ domains.
Yeah that’s super easy to integrate. I used to work in cyber security for a bank and even I was only allowed to send to internal domains initially. I had to file for exceptions for contractors and vendors and stuff.
lemmy.ml is still up as of right now. Possibly they contracted a subscription to the domain name to keep it up. They had to do something to retain it otherwise the site would be unreachable. If lemmy.ml does have to change names it will be a hassle since I’ve got a good number of community subscriptions there.
This wouldn’t happen to an instance with a regularly subscribed domain name. Problem is the .ml domains were free and the associated country decided to claim them back. The risk of using a free top level domain is something that should have been considered. I don’t think it’s worth the risk versus the cost savings considering how difficult it is to migrate a Lemmy instance.
Good thing join-lemmy is safely tucked away in a .org domain.
This is extremely bad timing for Lemmy (if it ends up happening), but also a good example of how federation makes the entire social media landscape more robust. Had this happened to a centralized service it would be devastating.
If it was always going to happen, now isn’t really a bad time. Sure, a month ago would have been better, but people still haven’t been here that long. If I wind up needing to migrate, and lose my current account, oh well. No big loss. I imagine others feel similar.
I was frustrated with the outage yesterday and created a new account on a different instance so I could still browse. Couple hours later I had all my subscriptions filled out and the experience is almost identical to my first account.
Not really. Most centralized services are accessible via multiple domains, e.g. for different countries. This would just disable one of them, but users could still use another to log into their accounts. For the Fediverse it “disables” an entire instance, cuts it off from federation and locks out users.
Lets not put a positive spin on a situation that exposes a weakness of the current system. The federation protocol needs to be able to handle these things gracefully, like propagating domain changes and migrating accounts between instances!
I’m now wondering what happens if the Mali government (or someone else) begins using those domains with their own lemmy instance, potentially with malicious content.
Would the instances they’ve federated with begin ingesting and serving that content automatically? Or would that be blocked due to key mismatch?
Afaik it is all connected to the domain name, so they could definitely start to impersonate any .ml instance. Other instances could detect that the signing key for federation messages changed, but that’s about it. Their admins would probably have to block/defederate them manually.
Currently, activitypub identity is tied to domain name. Mastodon support migration as long as the old domain is still up during the migration process, but AFAIK Lemmy doesn’t even have a process to migrate an instance to a new domain yet.
Someone should tell Lemmy devs and send them a crate of coffee because it’ll be a race to implement domain migration before all .ml domains got shut down.
From that point of view, yes. That’d mess things up, you’re right. But from my understanding, they won’t lose any data, accounts will remain, as well as subscriptions that lemmy.ml users have. Or am I wrong?
The problem is, if they don’t have access to their original .ml domain, their accounts are still tied to it. That means if they try to interact, such as subscribing to a community, when the data for that action tries to be sent back (such as updates) it’ll go to the .ml domain, which they wouldn’t receive.
Lemmy doesn’t have a built in way to just change the domain name, or really any of the ActivityPub services AFAIK. You’d have to either really do some hacky stuff to get around it (which could result in unknown issues down the line) or reset everything.
Most of the hacky ways around it involve retaining ownership of the old domain and leaving it up indefinitely as a pointer to the new location. If your domain is taken from you though there is not much you can do.
Seriously dumb to have used this TLD considering there are a ton of choices these days.
deploying the fediverse instances-instance communication on top of a mesh-net like yggdrasil, using their addresses as domain names, may be a quick fix without having to change the paradigm
Right. This will basically make nearly every /c live in .world as all of the .ml /c’s go defunct. That, or Beehaw, which is walled off from everyone else.
(Side note… my work’s firewalls block everything *.ml – and that’s the only thing that saved me from creating my account there)
Never hurts. Could be a good opportunity to look around the threadiverse and see if you find anything interesting.
However, as it only affects the domain, I expect the Lemmy developers will manage to migrate user data to the new domain should lemmy.ml go down. So your account won’t just disappear, but it might go down for a while. It might also affect communities hosted on .ml domains, as followers from other instances will not have the correct path any more.
Yeah, they are actively working on functionality to migrate user accounts and other data between instances, so that they can use that functionality to migrate everything on an instance to another instance.
Since migrating data affects all the replicated data on other instances as well, I guess when they migrate lemmy.ml somewhere else, all of Lemmy will be down for a day or two, being just overloaded with all the migration stuff.
Currently, activitypub identity is tied to domain name. While mastodon support migration as long as the old domain is still up during the migration process, AFAIK Lemmy doesn’t even have a process to migrate an instance to a new domain yet.
So basically, if you switch your instance domain, you’ll mess up all your federation network, unless Lemmy devs implement a solution soon.
Thanks for that, was concerned about keeping my subscription to that community. Keep us posted and let us know where you end up so I can change over my community subscription.
Anyway I think the lesson learned here is don’t use free TLDs. Lemmy is not at all designed to deal with domain name changes.
Re-federation is probably possible. BUT! You’re going to always have problems with older content. Case in point my federation error messages is at 2300. About half are failed requests on fmhy.ml.
So for re-federation what’s needed:
1: Remote instances should unsubscribe all users from any fmhy groups. They’re dead now. They can only announce that and hope they do. I reckon when their errors start ramping up (as I saw yesterday) they will be looking into why. Probably to help de-federate from the old URL
2: The fmhy instance should unsubscribe all users from all remote groups but keep a note of the groups while identifying as fmhy.ml. Then once on a configuration for the new domain re-subscribe to each one. The first step should hopefully stop them trying (and failing) to federate new events to the old URL. The second step should trigger federation with the new one.
3: They could be able to keep the DB. But I am not sure in what places the old domain might be stored in the DB and what would need fixing there. Also not sure if they’d need to regenerate keys. Not sure if they’ll see the key was attached to the old domain and refuse to talk to the instance.
Now what’s going to be a problem? Well ALL the existing content out there has references to users on the old domain. It’s VERY hard to fix that. Like every instance would need to fix their database. Not worth it. But, whenever someone likes/unlikes or comments or whatever a post made from fmhy.ml then there’s a good chance a remote instance will queue up a retrieval of:
1: User info about the poster/commentor/liker
2: Missing comments/posts for a like/comment event
And those will fail and error log. I don’t think there’s a way around that aside from editing the whole database on every instance. Again, IMO not worth it.
Would be a nice federation feature if, provided you could identify with the correct private key, announce a domain change which would automatically trigger the above in federated instances, or at the very least some kind of internal redirect for outgoing messages.
If I’m running lemmy.world, I wouldn’t unsubscribe my people. I’d wait for that instance to move to a new domain and just find/replace in the database.
Not every instance needs to migrate fmhy. Some can just leave that stuff broken. If the biggest half dozen instances migrate manually, fmhy would be able to keep most of their subscribers.
I do wonder how often instances will keep looking for fmhy without intervention. Seems like tooling to migrate or discontinue an instance wouldn’t be too difficult to build. At least it wouldn’t if they didn’t have a million other things on their plate.
We could use a few less third party clients and more work on Lemmy itself. Unless you’re going to bring over your userbase like RiF and Apollo can.
Yes, although you might need to fudge keys if they’re properly enforced. Looking at kbin I can see requests are at least signed with the private key. Not sure if the public key is stored somewhere in database, or is pulled from the instance using DNS as a security guarantor (I guess) every time.
I don’t have any subscriptions to them, but I have those 1000+ errors just from posts their users were involved in.
Afaik mastodon has a way for instances to migrate to a new domain, but the old domain must be up during the migration process. Lemmy on the other hand don’t even have any domain migration procedure yet. People will probably go nuts about this on their GitHub issues portal.
Possibly. I think mastadon has been around a bit longer though? Not sure why the old domain must be up. Unless they don’t store public keys of known instances and they rely on DNS for the security.
e.g. Instance A signs a request, Instance B queries Instance A via DNS lookup (as is normal) and checks public key confirms signature and allows it.
I got curious so I start digging into how mastodon do it. It’s more like a hack, really. Mastodon uses WebFinger to resolve user account, so when you change domain, you can leave the old domain up so your federated servers can still resolve your users and realized the domain has been changed and update their federation data. But it turns out you can’t exactly retire the old domain either because it’s still tied to user account internally. So if you lose control of your old domain, you’re probably as screwed as fmhy.ml.
Yeah, which is why I think storing remote user and instance public keys might be better. Then that can be used to authenticate the migration request (it’d probably need to be an extension to the activitypub standard).
The biggest problem I see is that an instance doesn’t know about all the instances that have data pointing to them. So how does it communicate the changes to everyone? The mastadon way is probably the sensible way to do it, despite not supporting the loss of control of domain scenario.
Only instances with a “.ml” at the end of the name may or may not be affected. Lemmy is a collection of instances so the loss of a few will not cripple the whole thing. Content over the whole is not greatly affected.
If your home log-in instance is one that’s affected, you’ll have to find a new one. You’ll know right away because the instance will be unreachable. Not a big deal, last time I looked there was over 1200 instances to chose from.
Another consideration is any communities living on an affected instance may have issues. All communities are common to Lemmy, but each originates from a particular instance. We’ve not yet seen a major instance go down so I don’t know how Lemmy deals with communities getting orphaned like that.
It means anybody who will want to go to site lemmy.fmhy.ml will not load site and would think its down, maybe some will find out on google about it, some are already on multiple instances…
Governments just love doing stuff whenever they can, because what are you gonna do? This is a country under a military junta, there is no legal process to get back the domain.
They just handed off the management of .ml domains to a third party on a ten-year contract, and the contract is now ending.
So I guess Mali is honouring its contracts, and I doubt the third party provided anyone with contracts going beyond the ten year period they could guarantee for. I doubt the third party provided contracts at all to be honest.
Damn, lemmy.zip, eh? If that instance is public, I don’t see that being a good thing.
Tons of businesses, people, etc, are all banning .zip and .mov TLDs for security purposes. I’ve personally banned all those domains from my network as well.
Actually really huge security threats. It’s a very good idea to block them. I especially did because my girlfriend works for the government and does some secret stuff that can’t really get out, and she deals with a ton of real .zip files. I think everyone regardless of who they are should make sure to block them.
There are a few problems, but I believe the biggest issue is that .zip and .mov are valid and common file extensions, and it’s common for people to write something like ‘example dot zip’ or ‘attachment dot mov’ in emails, tweets, etc. Things like email clients have features where they automatically convert text that looks like a web address into clickable links. So now, retroactively, all those emails etc suddenly have a link, where they used to just have text, and the domains that are equivalent to those previously benign file names are being purchased by nefarious actors to exploit people unaware of the issue.
But there’s only an issue if the software you’re using auto linkifies the domain. They often don’t and won’t. This seems like a hypothetical problem that probably doesn’t exist for most major software. I certainly know no email software is gonna auto linkify this.
If you’re curious, you can see if whatever software you’re viewing this post in auto linkifies (neither are for me): hshshssu.zip iwuf8aowk.mov
(And if we’re manually linkifying, then you don’t need to use the new TLD. Eg, not-a-virus.zip.)
At 1:30 in that second video, he shows that YouTube already converts dot zip domains, even in old comments that predate the domain’s existence. At 3:19, he shows/mentions Twitter, Reddit, Facebook, and LinkedIn. I would consider those major platforms. And keep in mind, it only takes one person downloading one file to cause major damage - the LMG hack was due to someone downloading and trying to open a fake PDF that was sent via email: https://youtu.be/yGXaAWbzl5A.
So yes, not everything does or will auto convert the links, but I think you are underestimating the potential for issues here.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
A community to talk about the Fediverse and all it’s related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to [email protected]!
Rules
Posts must be on topic.
Be respectful of others.
Cite the sources used for graphs and other statistics.
It was good while it lasted and they managed to keep it going longer than my first instance (two days)
Not all instances are created equal however one I tried to sign upto their email verification didn’t work and others just didn’t bother to activate my account for whatever the reason.
Happy to see your on shitjustworks now, it’s a solid one
What about lemmy.ml? Can govt just take their domain?
I think in theory yes, since the .ml tld is now managed by the Mali government instead of some guy that had an agreement with them.
Does this have anything to do with the whole email thing from the American military? According to the financial times, there are about 117.000 emails send to .ML addresses instead of .MIL…
Translated page: https://tweakers-net.translate.goog/nieuws/211828/nederlander-die-ml-voor-mali-beheert-kreeg-duizenden-e-mails-amerikaanse-leger.html?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp
deleted by creator
Somewhat related. Basically, the management of the .ml TLD are being handed back to Mali government, and they seem to revoking.ml domains left and right.
I suspect they’re revoking registration for .ml domains that was registered for free. the company that originally managed .ml domains had a free domain offers where you could register any .ml domain for free, the caveat is you don’t have the ownership right to that free domain. Maybe Mali government doesn’t honor such free domain registration and wish to revoke them all.
If this was a planned takeover by the government, why was there no notification sent in time? Why is lemmy.ml not shut down in parallel?
There was a report in the beginning of June that things started looking weird. The registration of new .ml domains shut down in the beginning of the year.
In short, the Mali government just gave some random 3rd party a ten-year contract to hand out the domains for free, which the third party did without too much care or attention. It would have been up to the third party to notify domain owners, but as they’re not paying and probably don’t even have contracts themselves, there was little incentive to do so.
As far as I can understand, it relates to the US military scandal only indirectly: As the .ml domains are now returning to the government of Mali, it becomes a lot more problematic that the US keep directing their emails there, and the person in charge of managing the domain went public about the security threat.
WIll this also affect all other .ml domains? Or is this some anti-piracy thing? (I don’t know fmhy, but from the name I guess it’s about piracy.)
I understand it as the Mali government is taking back all the domains after a subletting contract ran out. A lot of sensitive emails that should go to .mil (US military) has been typo-sent to .ml-addresses instead. Here’s some more reading.
(I am very tired here and might have misunderstood everything, please correct me if I am wrong)
Perhaps the military should have a system in place to not allow emails to be sent outside of very specific TLDs if it’s that sensitive? And perhaps have an automated contact book, instead of relying on someone typing out the to: address manually to be able to make that mistake in the first place?
Seems like some very basic security measures for something so serious.
For most situations, there is a global address list that members can use. There are instances where emails need to be sent outside of the .mil domain though, such as to other government agencies that use a .gov, or to contractors on commercial domains, as well as to partner nations that will be on their own countries’ domains.
Yeah that’s super easy to integrate. I used to work in cyber security for a bank and even I was only allowed to send to internal domains initially. I had to file for exceptions for contractors and vendors and stuff.
Internally they do block that but the problem are people outside the network sending something to a .mil address and mistyping.
This says that they block outgoing mail to .ml domains from its network.
https://domainincite.com/28897-freenom-is-losing-another-cctld-after-collecting-military-emails
Edit: wrong link
It seems to be Mali just wanting their domains back, in which case it’s uncertain times for all .ml domains.
rip lemmy.ml
lemmy.ml is still up as of right now. Possibly they contracted a subscription to the domain name to keep it up. They had to do something to retain it otherwise the site would be unreachable. If lemmy.ml does have to change names it will be a hassle since I’ve got a good number of community subscriptions there.
This wouldn’t happen to an instance with a regularly subscribed domain name. Problem is the .ml domains were free and the associated country decided to claim them back. The risk of using a free top level domain is something that should have been considered. I don’t think it’s worth the risk versus the cost savings considering how difficult it is to migrate a Lemmy instance.
Good thing join-lemmy is safely tucked away in a .org domain.
This is extremely bad timing for Lemmy (if it ends up happening), but also a good example of how federation makes the entire social media landscape more robust. Had this happened to a centralized service it would be devastating.
If it was always going to happen, now isn’t really a bad time. Sure, a month ago would have been better, but people still haven’t been here that long. If I wind up needing to migrate, and lose my current account, oh well. No big loss. I imagine others feel similar.
I was frustrated with the outage yesterday and created a new account on a different instance so I could still browse. Couple hours later I had all my subscriptions filled out and the experience is almost identical to my first account.
Not really. Most centralized services are accessible via multiple domains, e.g. for different countries. This would just disable one of them, but users could still use another to log into their accounts. For the Fediverse it “disables” an entire instance, cuts it off from federation and locks out users.
Lets not put a positive spin on a situation that exposes a weakness of the current system. The federation protocol needs to be able to handle these things gracefully, like propagating domain changes and migrating accounts between instances!
I’m now wondering what happens if the Mali government (or someone else) begins using those domains with their own lemmy instance, potentially with malicious content.
Would the instances they’ve federated with begin ingesting and serving that content automatically? Or would that be blocked due to key mismatch?
I think they need the private key for the https certificate to do that
Afaik it is all connected to the domain name, so they could definitely start to impersonate any .ml instance. Other instances could detect that the signing key for federation messages changed, but that’s about it. Their admins would probably have to block/defederate them manually.
It’s just the domain, though. That’s not a big deal to change.
Currently, activitypub identity is tied to domain name. Mastodon support migration as long as the old domain is still up during the migration process, but AFAIK Lemmy doesn’t even have a process to migrate an instance to a new domain yet.
Someone should tell Lemmy devs and send them a crate of coffee because it’ll be a race to implement domain migration before all .ml domains got shut down.
Federation connections are by domain name, so … it is a big deal
From that point of view, yes. That’d mess things up, you’re right. But from my understanding, they won’t lose any data, accounts will remain, as well as subscriptions that lemmy.ml users have. Or am I wrong?
The problem is, if they don’t have access to their original
.mldomain, their accounts are still tied to it. That means if they try to interact, such as subscribing to a community, when the data for that action tries to be sent back (such as updates) it’ll go to the.mldomain, which they wouldn’t receive.Lemmy doesn’t have a built in way to just change the domain name, or really any of the ActivityPub services AFAIK. You’d have to either really do some hacky stuff to get around it (which could result in unknown issues down the line) or reset everything.
Oh, it’s more complex than I expected. Thanks for explaining. I was wrong.
Most of the hacky ways around it involve retaining ownership of the old domain and leaving it up indefinitely as a pointer to the new location. If your domain is taken from you though there is not much you can do.
Seriously dumb to have used this TLD considering there are a ton of choices these days.
deploying the fediverse instances-instance communication on top of a mesh-net like yggdrasil, using their addresses as domain names, may be a quick fix without having to change the paradigm
Right. This will basically make nearly every /c live in .world as all of the .ml /c’s go defunct. That, or Beehaw, which is walled off from everyone else.
(Side note… my work’s firewalls block everything *.ml – and that’s the only thing that saved me from creating my account there)
Think about all the links to lemmy.ml
The instance is known by its domain name in the federation network. If that domain name changes, it’s like starting a new instance from scratch.
Sounds like a complicated project to migrate communities and posts and users to a new instance without breaking something.
Shall I make an account in another instance?
I’ve migrated from fmhy to feddit.uk, luckily my subscriptions were on a cached web page soon was able to manually re-subscribe.
Never hurts. Could be a good opportunity to look around the threadiverse and see if you find anything interesting.
However, as it only affects the domain, I expect the Lemmy developers will manage to migrate user data to the new domain should lemmy.ml go down. So your account won’t just disappear, but it might go down for a while. It might also affect communities hosted on .ml domains, as followers from other instances will not have the correct path any more.
Yeah, they are actively working on functionality to migrate user accounts and other data between instances, so that they can use that functionality to migrate everything on an instance to another instance.
Since migrating data affects all the replicated data on other instances as well, I guess when they migrate lemmy.ml somewhere else, all of Lemmy will be down for a day or two, being just overloaded with all the migration stuff.
Thanks for the info.
Nope. Domains don’t store data. They can change domain and keep all the data.
Unfortunately, no.
Currently, activitypub identity is tied to domain name. While mastodon support migration as long as the old domain is still up during the migration process, AFAIK Lemmy doesn’t even have a process to migrate an instance to a new domain yet.
So basically, if you switch your instance domain, you’ll mess up all your federation network, unless Lemmy devs implement a solution soon.
Calckey.social will be transferring all data to new firefish.social, first in the Fediverse.
First I join Vlemmy.net and then FMHY.ML… I am afraid whatever instance I join next will collapse 😭
I’m sorry but for the good of all instances I’m afraid you will need to become a lurker 😔
I also joined vlemmy.net and it came down between fmhy.ml and sh.itjust.works. Guess I got lucky!
Are you me? Same instances, same order…
…same fear.
.ee is owned by Estonia. Just pray Estonia wouldn’t do the same shenanigan and cause your instance to go down.
tbf Estonia is a stable EU country and Sunaurus (the admin of lemm.ee) is from Estonia so it’s not that strange
Thanks for that, was concerned about keeping my subscription to that community. Keep us posted and let us know where you end up so I can change over my community subscription.
Anyway I think the lesson learned here is don’t use free TLDs. Lemmy is not at all designed to deal with domain name changes.
FYI discussion on lemmy.ml about it
https://lemmy.ml/post/2286939
Re-federation is probably possible. BUT! You’re going to always have problems with older content. Case in point my federation error messages is at 2300. About half are failed requests on fmhy.ml.
So for re-federation what’s needed:
1: Remote instances should unsubscribe all users from any fmhy groups. They’re dead now. They can only announce that and hope they do. I reckon when their errors start ramping up (as I saw yesterday) they will be looking into why. Probably to help de-federate from the old URL
2: The fmhy instance should unsubscribe all users from all remote groups but keep a note of the groups while identifying as fmhy.ml. Then once on a configuration for the new domain re-subscribe to each one. The first step should hopefully stop them trying (and failing) to federate new events to the old URL. The second step should trigger federation with the new one.
3: They could be able to keep the DB. But I am not sure in what places the old domain might be stored in the DB and what would need fixing there. Also not sure if they’d need to regenerate keys. Not sure if they’ll see the key was attached to the old domain and refuse to talk to the instance.
Now what’s going to be a problem? Well ALL the existing content out there has references to users on the old domain. It’s VERY hard to fix that. Like every instance would need to fix their database. Not worth it. But, whenever someone likes/unlikes or comments or whatever a post made from fmhy.ml then there’s a good chance a remote instance will queue up a retrieval of:
1: User info about the poster/commentor/liker
2: Missing comments/posts for a like/comment event
And those will fail and error log. I don’t think there’s a way around that aside from editing the whole database on every instance. Again, IMO not worth it.
Would be a nice federation feature if, provided you could identify with the correct private key, announce a domain change which would automatically trigger the above in federated instances, or at the very least some kind of internal redirect for outgoing messages.
If I’m running lemmy.world, I wouldn’t unsubscribe my people. I’d wait for that instance to move to a new domain and just find/replace in the database.
Not every instance needs to migrate fmhy. Some can just leave that stuff broken. If the biggest half dozen instances migrate manually, fmhy would be able to keep most of their subscribers.
I do wonder how often instances will keep looking for fmhy without intervention. Seems like tooling to migrate or discontinue an instance wouldn’t be too difficult to build. At least it wouldn’t if they didn’t have a million other things on their plate.
We could use a few less third party clients and more work on Lemmy itself. Unless you’re going to bring over your userbase like RiF and Apollo can.
Yes, although you might need to fudge keys if they’re properly enforced. Looking at kbin I can see requests are at least signed with the private key. Not sure if the public key is stored somewhere in database, or is pulled from the instance using DNS as a security guarantor (I guess) every time.
I don’t have any subscriptions to them, but I have those 1000+ errors just from posts their users were involved in.
Afaik mastodon has a way for instances to migrate to a new domain, but the old domain must be up during the migration process. Lemmy on the other hand don’t even have any domain migration procedure yet. People will probably go nuts about this on their GitHub issues portal.
Possibly. I think mastadon has been around a bit longer though? Not sure why the old domain must be up. Unless they don’t store public keys of known instances and they rely on DNS for the security.
e.g. Instance A signs a request, Instance B queries Instance A via DNS lookup (as is normal) and checks public key confirms signature and allows it.
I got curious so I start digging into how mastodon do it. It’s more like a hack, really. Mastodon uses WebFinger to resolve user account, so when you change domain, you can leave the old domain up so your federated servers can still resolve your users and realized the domain has been changed and update their federation data. But it turns out you can’t exactly retire the old domain either because it’s still tied to user account internally. So if you lose control of your old domain, you’re probably as screwed as fmhy.ml.
Yeah, which is why I think storing remote user and instance public keys might be better. Then that can be used to authenticate the migration request (it’d probably need to be an extension to the activitypub standard).
The biggest problem I see is that an instance doesn’t know about all the instances that have data pointing to them. So how does it communicate the changes to everyone? The mastadon way is probably the sensible way to do it, despite not supporting the loss of control of domain scenario.
Hello! I’m new to Lemmy, could someone break this down like I’m 5 and explain what it means for the people who were already on there?
Only instances with a “.ml” at the end of the name may or may not be affected. Lemmy is a collection of instances so the loss of a few will not cripple the whole thing. Content over the whole is not greatly affected.
If your home log-in instance is one that’s affected, you’ll have to find a new one. You’ll know right away because the instance will be unreachable. Not a big deal, last time I looked there was over 1200 instances to chose from.
Another consideration is any communities living on an affected instance may have issues. All communities are common to Lemmy, but each originates from a particular instance. We’ve not yet seen a major instance go down so I don’t know how Lemmy deals with communities getting orphaned like that.
It means anybody who will want to go to site lemmy.fmhy.ml will not load site and would think its down, maybe some will find out on google about it, some are already on multiple instances…
Also all links to lemmy.fmhy.ml are dead/gone now.
Btw the domain *.ml was free as i read, at least they could get some 1-5 USD domain name extension.
I migrated, but I would happily rejoin under a different tld.
Is Mali gov just removing all DNS records without warning?
No respect for existing contracts, or at least some heads up a couple of months earlier.
Governments just love doing stuff whenever they can, because what are you gonna do? This is a country under a military junta, there is no legal process to get back the domain.
They just handed off the management of .ml domains to a third party on a ten-year contract, and the contract is now ending.
So I guess Mali is honouring its contracts, and I doubt the third party provided anyone with contracts going beyond the ten year period they could guarantee for. I doubt the third party provided contracts at all to be honest.
Freenom (the third party in question) has been pretty shady for years. I got burned with their free .tk names a few times back in the day.
Now that we see things like this can happen, maybe we can make it easier to resolve going forward.
glad to see them not go down the vlemmy path
Damn, lemmy.zip, eh? If that instance is public, I don’t see that being a good thing.
Tons of businesses, people, etc, are all banning .zip and .mov TLDs for security purposes. I’ve personally banned all those domains from my network as well.
Bold move.
i don’t doubt there have been a lot of cases of those tlds used for scams but i haven’t been negatively effected by this instances domain name.
feel free to read the discussion about it here though
I can’t open that link because I block .zip domains lol
What’s the issue with those TLDs?
https://www.trendmicro.com/en_us/research/23/e/future-exploitation-vector-file-extensions-as-top-level-domains.html
Actually really huge security threats. It’s a very good idea to block them. I especially did because my girlfriend works for the government and does some secret stuff that can’t really get out, and she deals with a ton of real .zip files. I think everyone regardless of who they are should make sure to block them.
See https://youtu.be/GCVJsz7EODA and https://youtu.be/V82lHNsSPww
There are a few problems, but I believe the biggest issue is that .zip and .mov are valid and common file extensions, and it’s common for people to write something like ‘example dot zip’ or ‘attachment dot mov’ in emails, tweets, etc. Things like email clients have features where they automatically convert text that looks like a web address into clickable links. So now, retroactively, all those emails etc suddenly have a link, where they used to just have text, and the domains that are equivalent to those previously benign file names are being purchased by nefarious actors to exploit people unaware of the issue.
Here is an alternative Piped link(s): https://piped.video/GCVJsz7EODA
https://piped.video/V82lHNsSPww
Piped is a privacy-respecting open-source alternative frontend to YouTube.
I’m open-source, check me out at GitHub.
But there’s only an issue if the software you’re using auto linkifies the domain. They often don’t and won’t. This seems like a hypothetical problem that probably doesn’t exist for most major software. I certainly know no email software is gonna auto linkify this.
If you’re curious, you can see if whatever software you’re viewing this post in auto linkifies (neither are for me): hshshssu.zip iwuf8aowk.mov
(And if we’re manually linkifying, then you don’t need to use the new TLD. Eg, not-a-virus.zip.)
At 1:30 in that second video, he shows that YouTube already converts dot zip domains, even in old comments that predate the domain’s existence. At 3:19, he shows/mentions Twitter, Reddit, Facebook, and LinkedIn. I would consider those major platforms. And keep in mind, it only takes one person downloading one file to cause major damage - the LMG hack was due to someone downloading and trying to open a fake PDF that was sent via email: https://youtu.be/yGXaAWbzl5A.
So yes, not everything does or will auto convert the links, but I think you are underestimating the potential for issues here.
Yeah, you have a point. I may go block those TLDs tonight.
What happened to vlemmy?
Nobody really knows for sure. It just sort of disappeared one day with no warning.
Is this going to be an unsolved mystery of the Internet? A spooky Fediverse legend?
Yes, that’s reassuring. Also, nice to see their main website, I never actually noticed it existed
Frick, my website uses .ml and it’s gone.
Are you using the free domain deal, or are you paying for your .ml domain? I suspect they only revoking those unpaid .ml domains.
Freebie. I actually bought a new domain this time.
You might still buy your old .ml domain once Mali government open up registration again, assuming domain squatters doesn’t grab it first.
I only used that domain because it’s free. Now I’m buying an actual domain, I’m not going back to that one.
Lost mine too, had an .ml domain for testing servers. Was baffled why the DNS won’t resolve, then I see this.
Crap, sorry to hear that