this post was submitted on 21 Jul 2023
434 points (98.4% liked)
Fediverse
28491 readers
630 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
rip lemmy.ml
Good thing join-lemmy is safely tucked away in a .org domain.
This is extremely bad timing for Lemmy (if it ends up happening), but also a good example of how federation makes the entire social media landscape more robust. Had this happened to a centralized service it would be devastating.
Not really. Most centralized services are accessible via multiple domains, e.g. for different countries. This would just disable one of them, but users could still use another to log into their accounts. For the Fediverse it "disables" an entire instance, cuts it off from federation and locks out users.
Lets not put a positive spin on a situation that exposes a weakness of the current system. The federation protocol needs to be able to handle these things gracefully, like propagating domain changes and migrating accounts between instances!
I'm now wondering what happens if the Mali government (or someone else) begins using those domains with their own lemmy instance, potentially with malicious content.
Would the instances they've federated with begin ingesting and serving that content automatically? Or would that be blocked due to key mismatch?
I think they need the private key for the https certificate to do that
Afaik it is all connected to the domain name, so they could definitely start to impersonate any .ml instance. Other instances could detect that the signing key for federation messages changed, but that's about it. Their admins would probably have to block/defederate them manually.
If it was always going to happen, now isn't really a bad time. Sure, a month ago would have been better, but people still haven't been here that long. If I wind up needing to migrate, and lose my current account, oh well. No big loss. I imagine others feel similar.
I was frustrated with the outage yesterday and created a new account on a different instance so I could still browse. Couple hours later I had all my subscriptions filled out and the experience is almost identical to my first account.
lemmy.ml is still up as of right now. Possibly they contracted a subscription to the domain name to keep it up. They had to do something to retain it otherwise the site would be unreachable. If lemmy.ml does have to change names it will be a hassle since I've got a good number of community subscriptions there.
This wouldn't happen to an instance with a regularly subscribed domain name. Problem is the .ml domains were free and the associated country decided to claim them back. The risk of using a free top level domain is something that should have been considered. I don't think it's worth the risk versus the cost savings considering how difficult it is to migrate a Lemmy instance.
It's just the domain, though. That's not a big deal to change.
Federation connections are by domain name, so .. it is a big deal
Right. This will basically make nearly every /c live in .world as all of the .ml /c's go defunct. That, or Beehaw, which is walled off from everyone else.
(Side note.. my work's firewalls block everything *.ml -- and that's the only thing that saved me from creating my account there)
deploying the fediverse instances-instance communication on top of a mesh-net like yggdrasil, using their addresses as domain names, may be a quick fix without having to change the paradigm
From that point of view, yes. That'd mess things up, you're right. But from my understanding, they won't lose any data, accounts will remain, as well as subscriptions that lemmy.ml users have. Or am I wrong?
The problem is, if they don't have access to their original
.ml
domain, their accounts are still tied to it. That means if they try to interact, such as subscribing to a community, when the data for that action tries to be sent back (such as updates) it'll go to the.ml
domain, which they wouldn't receive.Lemmy doesn't have a built in way to just change the domain name, or really any of the ActivityPub services AFAIK. You'd have to either really do some hacky stuff to get around it (which could result in unknown issues down the line) or reset everything.
Oh, it's more complex than I expected. Thanks for explaining. I was wrong.
Most of the hacky ways around it involve retaining ownership of the old domain and leaving it up indefinitely as a pointer to the new location. If your domain is taken from you though there is not much you can do.
Seriously dumb to have used this TLD considering there are a ton of choices these days.
The instance is known by its domain name in the federation network. If that domain name changes, it's like starting a new instance from scratch.
Sounds like a complicated project to migrate communities and posts and users to a new instance without breaking something.
Currently, activitypub identity is tied to domain name. Mastodon support migration as long as the old domain is still up during the migration process, but AFAIK Lemmy doesn't even have a process to migrate an instance to a new domain yet.
Someone should tell Lemmy devs and send them a crate of coffee because it'll be a race to implement domain migration before all .ml domains got shut down.
Think about all the links to lemmy.ml