Lemmy as a whole not being hurt even if some domains are gone is the entire point of being decentralized. But yeah, it’s really bad that communities made there will also be gone as it is now.
We need user and community migration like Mastodon has, and quick.
Counterpoint: the generic communities being hosted on Lemmy.ml (an instance with a very strong political identity) simply because it was oldest was a real risk for the growth of Lemmy as a whole and this is a fantastic opportunity to rebuild those core communities on more generic Instances like Lemmy.world.
Eh, it’ll probably just bounce back tbh. With something this big, lemmy.ml can probably convince other fedi admins to migrate everyone’s subscriptions over
@RxBrad same, but there’s generally sim communities on other instances too. It will suck if lemmy.ml gets yanked. But given they haven’t yet, they best be prepping to move ASAP.
This is one of the problems with using country TLDs. They look cute, but when you buy it, you may not realize who controls it. Lemm.ee is similarly in a precarious position.
I really wish we could all agree to stop using country TLDs for this
For .ca specifically: as long as you are a Canadian individual, or have a sufficient connection to Canada, or a Corp with a trademark registered in Canada then you are qualified to own that domain - but as to who is really checking I have no idea… CIRA complainants maybe?
A domain takedown was never able to shut a server down, not even with centralized servers. Most big services are accessible via multiple domains of different countries, and this would just disable one of them. But for the Fediverse that means that they also “disabled” an entire instance with all its users.
This actually shows us that relying on domains can be a problem for the Fediverse! Imo we need to upgrade the federation protocol to be able to handle these things, like propagating a domain change or migrating accounts to other instances.
Because you need a way to be reachable over HTTPS for other instances to be able to securely send you updates (new posts/comments/votes etc.), so you need a trusted certificate. While HTTPS does not strictly require a domain name1 it vastly simplifies the process.
1: It’s possible to get a trusted certificate for an IP address, but not nearly as easy as getting one for a domain. And it’s probably also more expensive than just getting a domain and using Let’s Encrypt to get a certificate.
Feels like this is the core key to be changed. Something like Debian’s packaging system for example, which doesn’t even need the Debian domain to be HTTPS.
Dunno the exacts, but why not the good ol’ GPG? You only need to be able to exchange keys out-of-band once, and it saves you from lots of other issues. Trust between Alice and Brian is a between-them thing, and should not depend on a thrid party like Caroline arbitrarily deciding to change Brian’s legal name to Brandon.
Debian packages are signed individually, and usually people also don’t see downloading Debian packages as potentially privacy-sensitive, so plain download is acceptable.
For lemmy where user accounts are involved, and in general as a new protocol designed in the age of HTTPS, it makes sense to require HTTPS.
yeah and some countries with popular tld’s (.fm,.tv) like the revenue they generate and have no interest in disturbing that situation. That said, there’s always a risk, especially since things can change, governments change etc.
Yes, governence is key. That should ideally have it’s users as stakeholders and be for public benefit and not for profit. Oh and be efficient. There’s no technical reason why domains should cost more than $5.
There has to be a government connection since the DNS infrastructure in a developed country has to protected against bad actors will necessarily be linked, but not controlled, by national cybersecurity.
Oh and it should be a politically stable country. Problematical for the US?
“.onion addresses and bitcoin addresses are secure and decentralized but not human-meaningful;”
All “crypto as in blockchains” requires trust and buy-in to that blockchain, and someone to put it on the blockchain. It being internally secure/trustworthy does not intrinsically mean it’s globally secure/trustworthy.
Sure, for the general case. In practice, we can look at Ethereum’s blockchain which has all the “buy-in” and “trust” enough to the point that it’s used to hold billions worth of value and is secured by the its validator network.
Ethereum has outlasted competing attempts to graft data onto a blockchain. It’s a long, long way from being accepted for general use by anyone who isn’t an enthusiast. The evaluation of a currency/company/blockchain is a measure of investor interest, little more.
You’re also misunderstanding. The problem isn’t whichever blockchain, the problem is that it’s still just a database. Someone has to be trusted to validate an entry. Whether that’s a trusted party, which defeats the point, or a consensus mechanism, which quickly becomes arbitrary/random, that the validation mechanism to interface with the ‘real world’ is the same weak point any other centralized database has. That the nodes are decentralized and cryptographically secure isn’t relevant.
I attend a worldwide unicycling convention every other year with thousands of attendees and millions of people have seen unicyclists. I wouldn’t call it mainstream.
Ethereum is still in the “garage band” phase. It (and BitCoin) had some commodity speculators jump in to make a quick buck and generate headlines. But other than that there’s a few thousand enthusiasts and the people they’ve managed to get interested, and little clear idea of where/how to build from there. For basically every blockchain use case the non-decentralized versions are at least an order of magnitude faster and simpler for the end user to understand. Unfortunately “It’s more secure” has never been a huge selling point in tech.
I might be unaware of some technical issues here but why not just get another domain, point it at the server, then update the database to change all references to lemmy.ml to thenewdomain.tld and then make an announcement on a couple of the bigger instances? Federation will take care of propagating the news far and wide. Then, as users hear the news they can just login using the same details and those of us subscribed to Communities on .ml can just update our subscriptions.
I mean, it’s not a perfect solution but it’ll work, surely?
The problem is with the federation. Other instances will try to federate with the old domain and won’t recognize the new domain. Simply changing your domain will not update federation in other instances. AFAIK work is still underway to allow migrating to a new domain and allow other instance to recognize the domain change.
It’s my understanding that this isn’t possible. Migrating domains in Lemmy is not supported though it is possible with some very hacky solutions like you’re describing. But the old domain needs to be retained indefinitely as a pointer to the new domain or it will break federation with other instances. If they lose control of the domain or can’t keep it basically forever then federation will break. They can potentially migrate users and posts, but it is effectively like resetting and starting over as a new instance.
Right, but if Mali do reclaim all the .ml domains out there then there’s little option? Yes, federation will break for .ml and yes it’ll be like starting over on a fresh instance but only in terms of federation - all the users, communities, posts and comments will still exist, just under a new domain. Once the new domain starts federating people will catch on, especially if the news is posted on the larger instances.
Don’t get me wrong, I’m not saying its not a problem, I’m just not sure its a total disaster either.
ActivityPub uses URLs as IDs for everything. And there’s no way to update those IDs, it’s possible to update inbox URLs and other things but the main address of the object itself is its URL and thus there’s no way to propagate it without essentially making a new one.
It’s not impossible to do, but managing to get that to federate to all instances in a sane way is not currently possible.
There’s a ridiculous amount of URLs in the database and even fixing all of those won’t fully do the job, as post content might still refer to the old URL and whatnot.
It’s a messy situation, you’re not supposed to lose your domain.
That seems like an ActivityPub problem, not a problem with the admin who lost the domain. Perhaps somebody should fix dumbass design flaws to the protocol.
Federations won’t survive with obvious flaws like that. It needs resilienacy.
You’ll have to go complain directly to the W3C for that. The situation is Lemmy may fix it with some custom protocol extensions, but then it’ll still break every other piece of software that follows the spec like Mastodon, Kbin and others.
It’s like adding a 6xx status to HTTP. You technically can, but expect every standard compliant clients to be confused and bail on it.
You can’t just change domains with emails either and have everything seemlessly migrate over. Not losing a domain is not a completely unreasonable assumption to make.
Thankfully the users and communities aren’t lost, it’s just that people outside of fmhy will have to resubscribe to the communities on the new domain.
There’s definitely better ways to handle this, like, the ID could be a public key or something. Chances of RSA/EC key conflicts is basically nonexistent or we wouldn’t use them.
But it’s the W3C, of course they assume URLs can and will be permanent. Your domain being seized is not something typical companies and organizations face. It’s something you expect to happen to a site hosting piracy and other illegal content, which FMHY is somewhat borderline with its piracy guides.
ActivityPub is not designed to be any sort of censorship resistant for sites that move addresses and servers frequently.
Who was the idiot that decided to use for a database ID an identifier that almost entirely depends on external (and, for fediverse purposes, usually antagonistic) entities?
The W3C, also known as the people who develop the web standards. It’s a reasonable expectation as you have to draw a line in the sand somewhere. Distributed identity is not a solved problem, so domains are the best solution we have right now.
What would you suggest they use as the identifier with which allows other entities uniquely identity you? There are no alternatives until you introduce a ton of cryptography, which is what DID hopes to address, but that’s still going to be bad UX.
The W3C, also known as the people who develop the web standards
Figures. The same people who added DRM to the web standards.
Now, I don’t know what other alternatives could have been used, but I know that URL was among the obvious ones to not use. Something that uniquely identifies you has to be non-transitive and non-revocable by a third party, of which URLs are neither (domain names are revocable, URLs don’t have addressing persistence let alone when you add query strings into the mix, etc). Among the few things that I can think are non-transitive and non-thirdparty-revocable are the good ol’ ssh-keygen keys, easy to generate and all that but I’ve never found a good mechanism or design to query about them.
The W3C, apparently. It’s both the ID and the URL of the object if you want to refresh it. They seem to suggest doing it that way because the URL of a user profile is going to be guaranteed to be unique, and can only be owned by the owner of the domain.
Lemmy assigns it its own internal ID per instance but it’s only used internally for joins and stuff.
They seem to suggest doing it that way because the URL of a user profile is going to be guaranteed to be unique, and can only be owned by the owner of the domain.
Immediate design issue right there: the URL of a user profile is not guaranteed to be unique, and while it can “”“only”“” be owned by the owner of the domain, 1.- it’s not owned by the user of the profile and 2.- the ownership by the domain owner is revocable by a third party.
Design-wise, it feels to me like they decided that land / house deeds could be certified by municipal traffic signage.
Oof best of luck to you guys on .ml instances, might be worth looking at buying a domain as a backup to migrate to. Don’t wanna be caught off guard like this especially if they are trying to recoup all their urls. I went with a .boo domain to be unique for my instance but there are loads of TLDs out there
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
A community to talk about the Fediverse and all it’s related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to [email protected]!
Rules
Posts must be on topic.
Be respectful of others.
Cite the sources used for graphs and other statistics.
Just looking at my list of subscribed communities… There are a lot on lemmy.ml.
They’re toast if Mali yoinks the domain name.
This seems really, really bad for Lemmy…
Lemmy as a whole not being hurt even if some domains are gone is the entire point of being decentralized. But yeah, it’s really bad that communities made there will also be gone as it is now.
We need user and community migration like Mastodon has, and quick.
Counterpoint: the generic communities being hosted on Lemmy.ml (an instance with a very strong political identity) simply because it was oldest was a real risk for the growth of Lemmy as a whole and this is a fantastic opportunity to rebuild those core communities on more generic Instances like Lemmy.world.
How does Mastodon do it differently?
You can migrate to another instance with all your followers very easily in Mastodon.
I can see Lemmy comms being able to do the same and it’s already been opened as an issue on the GitHub
Eh, it’ll probably just bounce back tbh. With something this big, lemmy.ml can probably convince other fedi admins to migrate everyone’s subscriptions over
@RxBrad same, but there’s generally sim communities on other instances too. It will suck if lemmy.ml gets yanked. But given they haven’t yet, they best be prepping to move ASAP.
This is one of the problems with using country TLDs. They look cute, but when you buy it, you may not realize who controls it. Lemm.ee is similarly in a precarious position.
I really wish we could all agree to stop using country TLDs for this
You have to be careful with any TLD. People outside the US have found themselves subject to US law because they had a US controlled domain name.
Some ccTLDs are fine, some are not, but you have to think carefully when you buy it.
Who owns or controls .world domains?
I think .ee and .ca are fine. lemmy.ca is for Canadians specifically
For .ca specifically: as long as you are a Canadian individual, or have a sufficient connection to Canada, or a Corp with a trademark registered in Canada then you are qualified to own that domain - but as to who is really checking I have no idea… CIRA complainants maybe?
Here’s some info about .world domains https://support.google.com/domains/answer/6300841?hl=en#zippy=%2Cterms-restrictions
Saving a search/click for people that don’t know which country .ee is: Estonia
deleted by creator
You want another beer?
I don’t see how this would be an issue with decentralised media either tbh. Probably a bit more of a headache, but that’s it
Is an internet pirate community an internet pirate community without the odd patch of rough seas?
yarr
A domain takedown was never able to shut a server down, not even with centralized servers. Most big services are accessible via multiple domains of different countries, and this would just disable one of them. But for the Fediverse that means that they also “disabled” an entire instance with all its users.
This actually shows us that relying on domains can be a problem for the Fediverse! Imo we need to upgrade the federation protocol to be able to handle these things, like propagating a domain change or migrating accounts to other instances.
I’ve been wondering why everyone has a domain on their instance, even if it’s a single-user personal thingy.
Because you need a way to be reachable over HTTPS for other instances to be able to securely send you updates (new posts/comments/votes etc.), so you need a trusted certificate. While HTTPS does not strictly require a domain name1 it vastly simplifies the process.
1: It’s possible to get a trusted certificate for an IP address, but not nearly as easy as getting one for a domain. And it’s probably also more expensive than just getting a domain and using Let’s Encrypt to get a certificate.
Feels like this is the core key to be changed. Something like Debian’s packaging system for example, which doesn’t even need the Debian domain to be HTTPS.
They don’t need it per se but there’s a reason apt-transport-https is a very popular package.
How does this works then?
Dunno the exacts, but why not the good ol’ GPG? You only need to be able to exchange keys out-of-band once, and it saves you from lots of other issues. Trust between Alice and Brian is a between-them thing, and should not depend on a thrid party like Caroline arbitrarily deciding to change Brian’s legal name to Brandon.
Debian packages are signed individually, and usually people also don’t see downloading Debian packages as potentially privacy-sensitive, so plain download is acceptable.
For lemmy where user accounts are involved, and in general as a new protocol designed in the age of HTTPS, it makes sense to require HTTPS.
Makes sense, thanks.
This makes little sense. Piracy domains get cracked down regularly and they simply move and mirror. Has nothing to do with the Fediverse.
@Aurix tell that to google & facebook in China. ;)
Is more annoying to move in the Fediverse because accounts are domain-based
So is there a place where we can access our lemmy.fmhy.ml accounts right now?
I didn’t realise you could do that, but then again I have no idea how country specific domains work
@dylanTheDeveloper In hindsight, getting a country domain as your main was not a biggest brain idea.
@renwillis @dylanTheDeveloper
Depends on the country. Some are imho better run than com/net/org.
Disclosure: my company is a country registrar.
Where does
.usfall on that scale?yeah and some countries with popular tld’s (.fm,.tv) like the revenue they generate and have no interest in disturbing that situation. That said, there’s always a risk, especially since things can change, governments change etc.
@joklhops
Yes, governence is key. That should ideally have it’s users as stakeholders and be for public benefit and not for profit. Oh and be efficient. There’s no technical reason why domains should cost more than $5.
There has to be a government connection since the DNS infrastructure in a developed country has to protected against bad actors will necessarily be linked, but not controlled, by national cybersecurity.
Oh and it should be a politically stable country. Problematical for the US?
What’s going on with/in Mali anyway? When I search, all the results are just about the US military email fuckup.
@WhoRoger yeah, apparently the company managing the domain, their 10 year contract is up and Mali decided not to renew and brought it in house. https://domainincite.com/28897-freenom-is-losing-another-cctld-after-collecting-military-emails
Ok so I guess the old registrar were a bunch of twats, so the gov kicked them out and in the process potentially benefits from the US mil email thing.
All while doing the typical government thing of messing things up for everybody because they don’t know how anything works.
Am I right?
I don’t think the email thing is connected to this. That just happened at roughly the same time.
Yea it just prevents one from searching what’s going on, because web results are filled with this.
So, I really don’t want to say “crypto solves this”, but name identities and ownership over domains is actually one of the valid use cases for NFTs.
Cryptography solved this a long time ago. No need for NFTs or anything “crypto”.
How can you solve Zooko’s Trilemma without “anything crypto”?
All “crypto as in blockchains” requires trust and buy-in to that blockchain, and someone to put it on the blockchain. It being internally secure/trustworthy does not intrinsically mean it’s globally secure/trustworthy.
Cryptography is not limited to blockchains.
Sure, for the general case. In practice, we can look at Ethereum’s blockchain which has all the “buy-in” and “trust” enough to the point that it’s used to hold billions worth of value and is secured by the its validator network.
Ethereum has outlasted competing attempts to graft data onto a blockchain. It’s a long, long way from being accepted for general use by anyone who isn’t an enthusiast. The evaluation of a currency/company/blockchain is a measure of investor interest, little more.
You’re also misunderstanding. The problem isn’t whichever blockchain, the problem is that it’s still just a database. Someone has to be trusted to validate an entry. Whether that’s a trusted party, which defeats the point, or a consensus mechanism, which quickly becomes arbitrary/random, that the validation mechanism to interface with the ‘real world’ is the same weak point any other centralized database has. That the nodes are decentralized and cryptographically secure isn’t relevant.
You have thousands of people running nodes and millions of people already having done at least one transaction, what’s your threshold then?
I attend a worldwide unicycling convention every other year with thousands of attendees and millions of people have seen unicyclists. I wouldn’t call it mainstream.
Ethereum is still in the “garage band” phase. It (and BitCoin) had some commodity speculators jump in to make a quick buck and generate headlines. But other than that there’s a few thousand enthusiasts and the people they’ve managed to get interested, and little clear idea of where/how to build from there. For basically every blockchain use case the non-decentralized versions are at least an order of magnitude faster and simpler for the end user to understand. Unfortunately “It’s more secure” has never been a huge selling point in tech.
I was on fmhy now I’m on blahaj.zone, but I have to re-find and subscribe to all my communities
FYI I made a little tool for migrating / backing up your Lemmy subscriptions, blocks, profile settings, etc.
Nothing to be done for fmhy now that it’s gone, but for the future, it might help to have a backup.
https://github.com/CMahaff/lasim
Thanks, I’ll probably forget to do it once I get things built up again
Big whoop mf! At least they got the data so that guys like you have something to subscribe
Explain yourself.
Fuck that’s cool. Makes me feel like an Alpha.
I might be unaware of some technical issues here but why not just get another domain, point it at the server, then update the database to change all references to lemmy.ml to thenewdomain.tld and then make an announcement on a couple of the bigger instances? Federation will take care of propagating the news far and wide. Then, as users hear the news they can just login using the same details and those of us subscribed to Communities on .ml can just update our subscriptions.
I mean, it’s not a perfect solution but it’ll work, surely?
The problem is with the federation. Other instances will try to federate with the old domain and won’t recognize the new domain. Simply changing your domain will not update federation in other instances. AFAIK work is still underway to allow migrating to a new domain and allow other instance to recognize the domain change.
It’s my understanding that this isn’t possible. Migrating domains in Lemmy is not supported though it is possible with some very hacky solutions like you’re describing. But the old domain needs to be retained indefinitely as a pointer to the new domain or it will break federation with other instances. If they lose control of the domain or can’t keep it basically forever then federation will break. They can potentially migrate users and posts, but it is effectively like resetting and starting over as a new instance.
Right, but if Mali do reclaim all the .ml domains out there then there’s little option? Yes, federation will break for .ml and yes it’ll be like starting over on a fresh instance but only in terms of federation - all the users, communities, posts and comments will still exist, just under a new domain. Once the new domain starts federating people will catch on, especially if the news is posted on the larger instances.
Don’t get me wrong, I’m not saying its not a problem, I’m just not sure its a total disaster either.
Yes. It doesn’t outright kill an instance, but it’s definitely a major inconvenience and a learning opportunity.
ActivityPub uses URLs as IDs for everything. And there’s no way to update those IDs, it’s possible to update inbox URLs and other things but the main address of the object itself is its URL and thus there’s no way to propagate it without essentially making a new one.
It’s not impossible to do, but managing to get that to federate to all instances in a sane way is not currently possible.
There’s a ridiculous amount of URLs in the database and even fixing all of those won’t fully do the job, as post content might still refer to the old URL and whatnot.
It’s a messy situation, you’re not supposed to lose your domain.
That seems like an ActivityPub problem, not a problem with the admin who lost the domain. Perhaps somebody should fix dumbass design flaws to the protocol.
Federations won’t survive with obvious flaws like that. It needs resilienacy.
You’ll have to go complain directly to the W3C for that. The situation is Lemmy may fix it with some custom protocol extensions, but then it’ll still break every other piece of software that follows the spec like Mastodon, Kbin and others.
It’s like adding a 6xx status to HTTP. You technically can, but expect every standard compliant clients to be confused and bail on it.
You can’t just change domains with emails either and have everything seemlessly migrate over. Not losing a domain is not a completely unreasonable assumption to make.
Thankfully the users and communities aren’t lost, it’s just that people outside of fmhy will have to resubscribe to the communities on the new domain.
A lot of armchair developers in here who think there is an easy solution to distributed identity
There’s definitely better ways to handle this, like, the ID could be a public key or something. Chances of RSA/EC key conflicts is basically nonexistent or we wouldn’t use them.
But it’s the W3C, of course they assume URLs can and will be permanent. Your domain being seized is not something typical companies and organizations face. It’s something you expect to happen to a site hosting piracy and other illegal content, which FMHY is somewhat borderline with its piracy guides.
ActivityPub is not designed to be any sort of censorship resistant for sites that move addresses and servers frequently.
Who was the idiot that decided to use for a database ID an identifier that almost entirely depends on external (and, for fediverse purposes, usually antagonistic) entities?
The W3C, also known as the people who develop the web standards. It’s a reasonable expectation as you have to draw a line in the sand somewhere. Distributed identity is not a solved problem, so domains are the best solution we have right now.
What would you suggest they use as the identifier with which allows other entities uniquely identity you? There are no alternatives until you introduce a ton of cryptography, which is what DID hopes to address, but that’s still going to be bad UX.
Figures. The same people who added DRM to the web standards.
Now, I don’t know what other alternatives could have been used, but I know that URL was among the obvious ones to not use. Something that uniquely identifies you has to be non-transitive and non-revocable by a third party, of which URLs are neither (domain names are revocable, URLs don’t have addressing persistence let alone when you add query strings into the mix, etc). Among the few things that I can think are non-transitive and non-thirdparty-revocable are the good ol’ ssh-keygen keys, easy to generate and all that but I’ve never found a good mechanism or design to query about them.
The W3C, apparently. It’s both the ID and the URL of the object if you want to refresh it. They seem to suggest doing it that way because the URL of a user profile is going to be guaranteed to be unique, and can only be owned by the owner of the domain.
Lemmy assigns it its own internal ID per instance but it’s only used internally for joins and stuff.
For example, your person ID is https://feddit.cl/u/nintendiator. If you curl it in ActivityPub format you’ll get your user:
Immediate design issue right there: the URL of a user profile is not guaranteed to be unique, and while it can “”“only”“” be owned by the owner of the domain, 1.- it’s not owned by the user of the profile and 2.- the ownership by the domain owner is revocable by a third party.
Design-wise, it feels to me like they decided that land / house deeds could be certified by municipal traffic signage.
Oof best of luck to you guys on .ml instances, might be worth looking at buying a domain as a backup to migrate to. Don’t wanna be caught off guard like this especially if they are trying to recoup all their urls. I went with a .boo domain to be unique for my instance but there are loads of TLDs out there
i remember for a period of time it was really easy and completely free to get an .io url. i assume it’s something similar here.
What’s with this .ml love and Lemmy? Are people really building lemmy instances on those free domains obtained from freenom, unaware of its fall?