Quick question and this may have been answered or obvious…
Is it not possible to federate with onion sites via tor or i2p sites?
You can only federate via tor or i2p if both sides support those protocols, because for federation to work between two nodes both nodes need to be able to initiate connections to the other. That means one-way bridges like tor exit nodes are not sufficient.
I’d guess most Fediverse servers don’t support either of those protocols, so any new server trying to federate solely through them would have an extremely limited view of the Fediverse.
Though I suppose theoretically nothing is really preventing a motivated group of server admins from set up a parallel “dark Fediverse” containing only onion sites.
Good explanation, thanks. I figured it would have been the interface between in the onion and outside of it. That’s too bad. It’s been forever since I used tor but… would someone be able to set up an exit node specifically as a federation point with the outside world? Sort of working as a reverse proxy for a site or sites on the inside?
The Dark Fediverse sounds like great marketing ngl
Just looking at my list of subscribed communities… There are a lot on lemmy.ml.
They’re toast if Mali yoinks the domain name.
This seems really, really bad for Lemmy…
Eh, it’ll probably just bounce back tbh. With something this big, lemmy.ml can probably convince other fedi admins to migrate everyone’s subscriptions over
Lemmy as a whole not being hurt even if some domains are gone is the entire point of being decentralized. But yeah, it’s really bad that communities made there will also be gone as it is now.
We need user and community migration like Mastodon has, and quick.
How does Mastodon do it differently?
You can migrate to another instance with all your followers very easily in Mastodon.
I can see Lemmy comms being able to do the same and it’s already been opened as an issue on the GitHub
Counterpoint: the generic communities being hosted on Lemmy.ml (an instance with a very strong political identity) simply because it was oldest was a real risk for the growth of Lemmy as a whole and this is a fantastic opportunity to rebuild those core communities on more generic Instances like Lemmy.world.
deleted by creator
Is an internet pirate community an internet pirate community without the odd patch of rough seas?
yarr
That’s a very positive spin on quite a shitty situation (especially if lemmy.ml goes kaputt)
I mean, the .ml domain belongs to Mali and they have every right to take it back.
“Every right”? No. They have the power to do so but that doesn’t make it right. They sold those domains fair and square. Contracts were signed.
Domains aren’t sold, they are leased for a period of time. In this case the lease was for ten years and is lapsing now.
True. It might have been better though if the Lemmy devs hadn’t been such cheapskates and forked over the 10 bucks it takes to get a domain name that isn’t sketchy.
lemmy.ml was a sort of prototype made by the devs of the lemmy software. It wasn’t really meant for widespread public adoption. So it makes sense that they went with a free domain.
Did we know before it’s sketchy?
deleted by creator
The parent domain was apparently well known to be a common host of phishing domains and scam sites. Free domains tend to attract those types, so that’s a good reason from the start not to use that if you want your site to be reliably accessible and findable on search engines.
Yes. Hosting a service in a country other than where a TLD is designated for is bad practice and common knowledge for any web developer
Guess nobody told youtu.be or the million of services on .to or .it…
.be and .to are free to use by anyone as set by the respective countries registrars, anyone that registers a .it domain outside of Europe is just asking for trouble
Do Belgium and Italy have different policies?
My work uses zScaler for its Internet web filters. zScaler has everything *.ml blocked.
So yeah, it’s fairly well-known to be sketchy.
.ml is just Mali’s country domain. Maybe your workplace should get a better filter?
Or maybe realising anything ending in .ml was most likely spam and if it caught the 5 legitimate Mali domains oh well, zero loss for anyone.
Kinda like how I wouldn’t download a file from a .ru site.
I did, I just messed up and didn’t tell anybody. I’m sorry folks, this is on me.
Pretty sure they went with .ml not for price reasons, but because they liked to pretend it stood for their political ideology.
They stated themselves that it was for price reasons.
Maybe. I read the idea about it standing for Marxist/Leninist, but there’s thousands of TLDs now - if you can get .diamonds and .world, there’s probably something that would evoke the same lefty idea (although maybe lemmy pre-dates the new domains, I don’t know)
New domains have been around for a while. The fancy ones are a bit more pricey.
Lol they could’ve just spend $10 from the donations they receive to secure an actual .com domain
@freamon Agreed, it’s a silver lining post, for sure.
But generally I find people say “you see, this is why the Fediverse/Lemmy/Mastodon etc will never take off” for every blip of bad news or whatever. But in reality, while the news sucks for .ml servers, it highlights the resiliency of the Fediverse - which is a win.
And better to happen in the early days of Lemmy than when/if it got much bigger.
Newsflash: It’s getting bigger as we speak. Prepare for all of the scalability problems now, not later when it’s even harder to fix.
You say that as though there’s some kind of crystal ball we can all look into and see all of the obstacles that will need to be cleared and prepare accordingly. That’s not how scaling web services works, especially distributed ones that are built on a relatively new protocol.
@freamon can you imagine if Lemmy (in total) was just *poof* grabbed by a government?
The fediverse lives to ride another day.
Using country domains is never fun nor safe.
@renwillis @fediverse
Yes, and another lesson: TLD have meanings…@renwillis I’m not so sure this is a “win”, since the Fediverse wasn’t specifically targeted by any entity involved to begin with. If anything, it’s just a straight-up loss to the communities that have to reassemble themselves under a new domain again, many of whom were probably mostly new users to the Fediverse to begin with, and are likely to be turned off by this experience. If anything, this just exposes that the Fediverse is significantly sustained by flimsy, free/cheap platforms that are vulnerable to disappearing without any notice. That doesn’t exactly instill faith.
It’s a really bad look, to be perfectly honest.
We NEED better abilities to migrate accounts to other instances like what Mastodon has!
I do kinda agree, this isn’t great for general adoption but it’s a vital learning curve and hopefully smart people in the community will help develop ways to avoid it going forward and tools to fix it when it does happen
If this is a loss, a loss compared to what? Centralised servers? If Lemmy was a centralised server, this would’ve taken the whole site down. As another commenter mentioned, if the US government decides take Reddit down, the whole service would be lost. But in the Fediverse no single government can stop it.
Another example is when lemmy.world was attacked. All other instances and the custom clients continued to work. If you say this is a bad look, what’s a good look in your opinion? All of Lemmy going down at the same time? If centralised services deploy techniques to keep their services stable (horizontal scaling, regional mirrors etc.), Fediverse apps can use all of those techniques plus then some.
deleted by creator
deleted by creator
I could also get hot by lightning there times a day but I don’t optimize for it. This is a lol and definitely points back to how shitty personal servers may be. I for one hope a .org starts a monitizartion scheme, deals with the privacy issues this community blatantly ignores, and hires some professionals who actually know what they are doing.
@renwillis The Fediverse is more than just the collective network. It’s also the individual communities, some of which no longer exist right now. Those communities are now scrambling to figure out what to do.
Yes, the whole of the Fediverse is just fine. But the overall health of the Fediverse relies heavily on the health of individual communities.
If lemmy.world went down, so would most of Lemmy, so this is already a huge problem.
So is there a place where we can access our lemmy.fmhy.ml accounts right now?
Why did so many instances use .ml domains?
'Cos they were free.
Ahh, makes more sense.
Are there any other domains that could be in a similar situation now?
Niue is trying to wrangle control of .nu form Sweden, so I’m a little worried. It’s been ongoing for years though.
At the time you get .ml free, .TK, .GA, .CF, .GQ were also available for free (they ended up all being used by spam advertisers, so those domains get marked ‘suspicious’ a lot)
lmfao, frickin seriously? you’re gonna build up an instance where the domain is part of all of your users’ identities and you’re not even gonna spend the $10/yr to keep that solid? with how much time goes into running a lemmy instance and not getting overrun by bots, that’s an absolutely ridiculous assignment of resources
You have to remember that until recently, there was sub 100 daily users, this wasn’t a big platform, and it wasn’t just lemmy.ml, but a bunch of <10 user instances.
It wasn’t worth paying for a small side project until it wasn’t and at that point it was too late, plus who would have predicted that the gov of Mali would forcefully take back all of their domains?
i mean, good point on the project size, but buying a domain is honestly such a basic thing that it still feels like a weird result on that equation to me. for fmhy.ml, specifically, i understand their choice, since pirate sites do tend to be quite nomadic with their domains, and the fediverse being so domain-specific is a new thing.
still, domains are hella cheap. the $10/yr figure i quoted is for a “serious” one on one of the major tlds, you can get away with much less if you’re willing to go for a somewhat more niche but still reputable one. especially one that’s longer than two characters.
Bruh it’s 10 dollars PER YEAR.
I’ve owned a .com domain for over a decade, ever since BEFORE I actually had a job and was living on allowances, and it still doesn’t register as an expense to me.
The content I host on that domain has been used by 3 different people tops, which is me and a couple of my friends. It’s still worth it.
If I were to build a public-facing service I’d certainly fork over the bare minimum to guarantee that it fucking stays up even if I don’t expect thousands of users. It’s just a matter of doing things properly. Free domains have always been sketchy as fuck, every scam ever was hosted on a .tk domain at some point.
But as it has been stated multiple times already, the only reason they actually went with “.ml” is because they thought it would be funny for the marxist-leninist association. That’s literally it. It’s not about money. Anyone with access to a dev machine has 10 dollars a year to spend or they wouldn’t be shitposting on the internet.
I get a little over 10 dollars a day. Also, while my country has an excellent, free system for internal financial transactions, any international transaction will be (a) complicated and (b) expensive.
I’m not saying I wouldn’t pay USD1USD0 for a website, but I sure wouldn’t do it for a hobby one.
You underestimate how different some people’s situations and priorities can be. For us, it’s forking 10-20 USD (not a big sum of money) once a year by credit card (which isn’t hard to obtain).
There are parts of the world with dire financial situations or simply outdated systrms that don’t offer easy access to electric or international payments. There will be devs wanting to experiment with web services, but for them it isn’t simply “forking over the bare minimum”.
I won’t reveal my location just for the sake of an internet discussion, but I lived in a country (It’s not exactly a “3rd world shithole”, but not a developed one either) where until around five to ten years ago or so getting a bank account with ‘credit card’ meant you ‘made it’.
Why? If you weren’t lucky and wanted to pay for something international, you needed a friend with the aforementioned credit card to do the transaction on our behalf. Buying on Amazon? Better make it worth before bothering our friend there. What if I wanted games on steam? The friend with credit card, or use an intermediary that charges an extra before they ‘gift’ the purchased game. And so on.
Now it has gotten much better, as fintech apps filled the gap offering virtual visa or mastercard payments, and the banks themselves started offering credit cards with lower quotas, but you have to remember that it wasn’t available until a couple of years ago, or even still out of reach for some.
So what if you’re a developer with no affordable access to international tx and want to experiment regardless? You find the ones that don’t require payment.
Even worse, the free .ml domain is not actually yours when you get it for free, but actually owned by the company that previously managed the .ml domain. I suspect Mali government has reclaimed all those free domain registrations now that the contract with the company has been expired. The .ml domains that still up was probably paid domain and Mali government are probably still honoring the contract.
Lol one would expect people technical enough to setup a Lemmy instance would be aware of the fall of freenom and the fate of those free domains
Alright, fair enough
I think a lot of them were tankies who thought it was cool to have ML in their domain name. They have lemmy.ml and lemmygrad.ml iirc. Honestly I don’t know whether to be happy those communities took a hit or sad that I might lose one way of identifying and avoiding auth-left instances.
@azalty it was free.
What’s going on with/in Mali anyway? When I search, all the results are just about the US military email fuckup.
deleted by creator
Ok so I guess the old registrar were a bunch of twats, so the gov kicked them out and in the process potentially benefits from the US mil email thing.
All while doing the typical government thing of messing things up for everybody because they don’t know how anything works.
Am I right?
I don’t think the email thing is connected to this. That just happened at roughly the same time.
Yea it just prevents one from searching what’s going on, because web results are filled with this.
I didn’t realise you could do that, but then again I have no idea how country specific domains work
deleted by creator
Depends on the country. Some are imho better run than com/net/org.
Disclosure: my company is a country registrar.
yeah and some countries with popular tld’s (.fm,.tv) like the revenue they generate and have no interest in disturbing that situation. That said, there’s always a risk, especially since things can change, governments change etc.
Yes, governence is key. That should ideally have it’s users as stakeholders and be for public benefit and not for profit. Oh and be efficient. There’s no technical reason why domains should cost more than $5.
There has to be a government connection since the DNS infrastructure in a developed country has to protected against bad actors will necessarily be linked, but not controlled, by national cybersecurity.
Oh and it should be a politically stable country. Problematical for the US?
Where does
.us
fall on that scale?
I was on fmhy now I’m on blahaj.zone, but I have to re-find and subscribe to all my communities
FYI I made a little tool for migrating / backing up your Lemmy subscriptions, blocks, profile settings, etc.
Nothing to be done for fmhy now that it’s gone, but for the future, it might help to have a backup.
Thanks, I’ll probably forget to do it once I get things built up again
Big whoop mf! At least they got the data so that guys like you have something to subscribe
Fuck that’s cool. Makes me feel like an Alpha.
Explain yourself.
Maybe this will have the knock on effect of some migration tools being developed.
@SeeJayEmm I hope so, that’s a big miss on Lemmy right now.
Need to be able to migrate accounts & communities ASAP.
In the internet biz since 1993 here (retired): choose your registrar as carefully as your domain name.
Lowest price is the dumbest reason. It’s never the way to choose anything. ID what your needs are, what satisfies that, then shop for the best price…
Anyway at the moment for my purposes the EU with it’s gdpr and other rules is the best choice for many reasons. I’m using joker.com.
Top level domains (.ml etc) have their own rules, you gotta read them carefully. I don’t know anything about .ml and whether they allowed that usage or not.
A domain takedown was never able to shut a server down, not even with centralized servers. Most big services are accessible via multiple domains of different countries, and this would just disable one of them. But for the Fediverse that means that they also “disabled” an entire instance with all its users.
This actually shows us that relying on domains can be a problem for the Fediverse! Imo we need to upgrade the federation protocol to be able to handle these things, like propagating a domain change or migrating accounts to other instances.
I’ve been wondering why everyone has a domain on their instance, even if it’s a single-user personal thingy.
Because you need a way to be reachable over HTTPS for other instances to be able to securely send you updates (new posts/comments/votes etc.), so you need a trusted certificate. While HTTPS does not strictly require a domain name1 it vastly simplifies the process.
1: It’s possible to get a trusted certificate for an IP address, but not nearly as easy as getting one for a domain. And it’s probably also more expensive than just getting a domain and using Let’s Encrypt to get a certificate.
Makes sense, thanks.
Because you need a way to be reachable over HTTPS
Feels like this is the core key to be changed. Something like Debian’s packaging system for example, which doesn’t even need the Debian domain to be HTTPS.
Debian packages are signed individually, and usually people also don’t see downloading Debian packages as potentially privacy-sensitive, so plain download is acceptable.
For lemmy where user accounts are involved, and in general as a new protocol designed in the age of HTTPS, it makes sense to require HTTPS.
How does this works then?
Dunno the exacts, but why not the good ol’ GPG? You only need to be able to exchange keys out-of-band once, and it saves you from lots of other issues. Trust between Alice and Brian is a between-them thing, and should not depend on a thrid party like Caroline arbitrarily deciding to change Brian’s legal name to Brandon.
They don’t need it per se but there’s a reason apt-transport-https is a very popular package.