- cross-posted to:
- [email protected]
You must log in or register to comment.
Fortunately, we’re probably all from this instance, so I assume that we are safe.
I like how this mastodon app you are using actually says its name inside the dynamic island
in confused. ml doesn’t seem to be down anymore.
rip my website
Bummer, I was gonna make fmhy my main instance!
I just had to do this to get back on here… Does anyone know if there is a way to transfer posts like it says here?
Couldn’t have happened to a worse bunch of people lol
Yep, I’d just like to say fuck communists and let’s keep the Fediverse away from communist politics’ bullshit.
Communists are only about a partial shit-tier above Nazis. Both are in the tiers of shit, shit birds of a feather.
It’s almost like all authoritarianism is bad.
I concur
lol no
the argument for .ml domain has always been absurd to begin with. So it’s free but the price you pay is that it’s being run by Mali. I’d just drop 8$/year tbh, that’s not a hill you want to die for. Also you harm your project by being SEO punished for using spam-associated TLDs like this. One of the reasons original Lemmy took so long to adopt until Reddit’s API drama. Pretty dumb ngl.
If i remember right it was also “free to register but insanely expensive to renew once they start to see traffic”
Renewal costs are my primary consideration when picking domains. Subscription fees is how your money disappears when you’re not looking.
Anyone know how companies get the rights to domains to sell in the first place? Do they literally submit a list of all domains to ICANN or something? Sorry if this is a stupid question, I just never understood how any of this really works.
TLD - Top Level Domain (.com .ml .whatever)
Registrar - NameCheap, PorkBun, etc. Submits your domain.TLD request to a Registry
Registry - Maintains the list of domains for a specific TLD and the server infrastructure to run the TLD
ICANN - Decides who can be a Registry and for which TLD. Not involved in the nitty gritty of individual domain names.
How is that decision made? How hard would it be for a group of amateurs to make an rog and try to be a registry or registrar.
You should check out the OpenNic project, which is an organization that has already attempted what you’re describing.
ICANN hands out top-level domains (TLDs - such as .com, .org and .ml), either to organisations or government agencies. They, in turn, hand out secondary domains to companies or regional organisations. For example, the TLD .jp belongs to the Japanese government and is operated by an agency called Japan Registry Services. In turn, it hand out the .tokyo.jp secondary domain to the Tokyo Metropolitan government. They, in turn, manage domains for various departments, wards, etc.
But individuals and businesses in Tokyo can also use the .tokyo TLD, which is owned by a private company called GMO Internet Group. And of course anyone can use .com or .org, although you may have tp pay a pretty big fee.
Why was .ml selected to begin with?
A lot of people should be concerned about this for .me domains as well (Montenegro)
I think that’s different because the .ml domain apparently was being given away for free by a registrar that wasn’t responding to abuse complaints, and thus was being heavily abused.
…but if not, then holy shit what a mistake it was to register
[email protected]as my primary email address.deleted by creator
Proton also uses ch and com.
The domain bs is a interesting case of scummy practices in general, .tv was missused in a similar way with awful contracts, essentially scamming a already increadably poor country!
lemmygrad.ml and lemmy.ml are gone? So sad.
Anyway.
Using .ml was stupid in the first place. No need to try to be a special snowflake by using a sketchy TLD.
It’s one of the 5 TLD (now 4 I guess) that are free. The others being .tk, .ga, .cf and .gq
We need free TLDs.
wow I didn’t even know that was a thing! This is useful to know, thanks :D
I’m aware. Using it for something like this is stupid.
But- But- But the memes of a Marxist-Leninist instance!!1!
They should check if .cia is open if they’re want to switch over to something more fitting.
Commies punching the air right now
I wonder if it was done on purpose after it came out that the Pentagon had typo’d “.ml” instead of ‘.mil’ and exposed a lot of sensitive emails…
Highly doubtful much of anything majorly sensitive got leaked. Firstly even unclassified DoD emails are encrypted by default. Secondly anything classified isn’t even on a network that can talk to normal email, it’s either 100% point to point encrypted or on an airgapped network. If I hopped on SIPR (DoD Secret-level internet) and emailed a normal email address it simply wouldn’t work.
Ehhhhh, you’re missing the human element. Humans do dumb shit all the time. You can’t stop someone from reading something with their eyeballs, remembering it in their meat brain, and using their sausage fingers to type it back into something unsecured. Odds are still low of course, but I wouldn’t be so confident.
That doesn’t stop somebody from being an idiot and mentioning something classified in clearnet communications. Never underestimate the power of stupidity.
deleted by creator
Yeah but that was intentional stupidity. Regular typos are covered fairly well.
This brings a disturbing thought to mind… if an instance domain name like foo.bar lapses and someone else snaps the domain up (or of it gets stolen) can the new controller plop Lemmy on a server and be instantly federated? If so what kind of damage could they do?
ICANN has an Expired Registration Recovery Policy (ERRP) that requires your registrar to give your domain a 30-day grace period before deleting the records. ERRP also requires them to shutdown your DNS resolutions 8 days before deletion.
You’d have to be really mismanaging your domain if you miss all the required email reminders and don’t notice your domain has been non functional for a couple of days.
I think Microsoft and Google have both done it, but what do they know? 🤣
Oh really? Haven’t heard that one, back in the day or something?
Yup. Microsoft let hotmail lapse once. Someone paid for the renewal for them. https://slashdot.org/story/00/01/18/1645224/microsoft-hotmail-domain-reward-check-on-ebay
Yeah some dude bought the google.com domain via some glitch a while back. Here’s a story about it.
Awesome lol
This is why you don’t let your domain registration lapse. It’s not the only way computers on the internet verify each other’s identity, but a hell of a lot of internet security features are based around domain names, so keeping yours functioning is a very big deal.
Domain registration ≠ internet security. Root of trust is in cryptographic keys, not domains. DNS is not the security cornerstone you make it out to be. PKI says hi!
Yes, but it is very quick and cheap to get a domain validated cert from a CA that is generally trusted by most web browsers, so once the bad actor has the domain, the should be able to trick most users, only maybe certificate pinning might help, but that is not widely used.
Consider how many system relies on being able to send you an email for verifying your login and performing password reset. Those who have control over your email address domain can trigger password reset for most of online services out there. Imagine if Google forgot to renew gmail.com and it falls to a wrong hands.
Email is tied to domains. TLS is tied to domains. CORS is tied to domains. OAuth is tied to domains. Those are just four things I can think of while half asleep. Here’s one recent example of how screwing up a domain name is enough by itself to cause a security breach.
Cryptography is not security any more than domain names are; both are facets of how security is implemented but there’s no one system that makes the Internet secure.
No, the signatures wouldn’t match.
That’s an assumption that lemmy will quit federating with a server that does not match.
And what signature are we talking about anyway? Is not certificates…
It’s not an assumption, it’s how activitypub works.
Can you show me documentation that shows communities or servers are signed?
So looking at that spec… Nothing there is validation that current messages originate from an “original” server…
I don’t think either of these signature options for Server to Server communications means that my current lemmy.saik0.com instance can’t be torn down (delete LXC container) and reconfigured as a brand new instance (New LXC container) and other instances wouldn’t know that there’s been a change to the instance running here… or more accurately would flag a change. I think these signatures are all about not being able to spoof OTHER instances. eg, lemmy.ml can’t send messages on behalf of lemmy.world.
I assumed that once federated the public key would be remembered and signatures that do not match it would be handled, but you may be correct. I do wonder whether this could be a problem as instances close down over time. I’ll have to spend some more time researching to see if there’s a more clear answer, or if any ActivityPub implementations have their own way of handling that situation.
Activitypub signatures that each user and group sends out their messages with.
I was using .ml domains for my selfhosted services, since it was just an hobby and I didn’t wanted to invest money on it. Apart from Freenom website being pretty unusable since I have memory, I’ve already had troubles renewing them last year and now they stopped working without any notice nor update from Freenom itself. Finally I decided to move to a payed domain from Infomaniak, since it’s been more than a year I’ve been selfhosting and $10/year is a fair price for me.
But still without those free domains I wouldn’t probably ever started selfhosting, and I guess a lot of other people like me wouldn’t have experimented or spin up their projects if they had to pay for a domain from the beginning. So despite my hate for Freenom I guess I have to thank them and hope someone else (maybe a bit more “professional”) will take its place in the future
The lawsuit points to a 2021 study (PDF) on the abuse of domains conducted by Interisle Consulting Group, which discovered that those ccTLDs operated by Freenom made up five of the Top Ten TLDs most abused by phishers.
Umm… Can we talk about how a private company is suing another private company over something that should be in the interest of the government/general public? Where are our agencies, where is Interpol/Europol or ENISA?
