this post was submitted on 21 Jul 2023
426 points (98.4% liked)

Fediverse

28220 readers
1153 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 1 year ago
MODERATORS
 

An update:

  • fmhy.ml is gone, due to the ongoing fiasco with mali government taking all their .ml domains back
  • As such, lemmy.fmhy.ml is also gone, we are currently exploring ways to refederate (or somehow restart federation entirely) without breaking anything substantial
  • We have backups, so don't worry about data loss (you can view them on other instances anyway)

Currently, we have fmhy.net and are exploring options to somehow migrate, thank you for your patience.

you are viewing a single comment's thread
view the rest of the comments
[–] squaresinger@feddit.de 61 points 1 year ago* (last edited 1 year ago) (2 children)

WIll this also affect all other .ml domains? Or is this some anti-piracy thing? (I don't know fmhy, but from the name I guess it's about piracy.)

[–] sab@kbin.social 60 points 1 year ago (2 children)

It seems to be Mali just wanting their domains back, in which case it's uncertain times for all .ml domains.

[–] 001100010010@lemmy.dbzer0.com 42 points 1 year ago (3 children)
[–] sab@kbin.social 57 points 1 year ago (2 children)

Good thing join-lemmy is safely tucked away in a .org domain.

This is extremely bad timing for Lemmy (if it ends up happening), but also a good example of how federation makes the entire social media landscape more robust. Had this happened to a centralized service it would be devastating.

[–] shrugal@lemmy.world 27 points 1 year ago (1 children)

Not really. Most centralized services are accessible via multiple domains, e.g. for different countries. This would just disable one of them, but users could still use another to log into their accounts. For the Fediverse it "disables" an entire instance, locks out users and cuts it off from federation.

Lets not put a positive spin on a situation that exposes a weakness of the current system. The federation protocol needs to be able to handle these things gracefully, like propagating domain changes and migrating accounts between instances!

[–] Toribor@corndog.uk 5 points 1 year ago (2 children)

I'm now wondering what happens if the Mali government (or someone else) begins using those domains with their own lemmy instance, potentially with malicious content.

Would the instances they've federated with begin ingesting and serving that content automatically? Or would that be blocked due to key mismatch?

[–] Amir@lemmy.ml 5 points 1 year ago

I think they need the private key for the https certificate to do that

[–] shrugal@lemmy.world 4 points 1 year ago

Afaik it is all connected to the domain name, so they could definitely start to impersonate any .ml instance. Other instances could detect that the signing key for federation messages changed, but that's about it. Their admins would probably have to block/defederate them manually.

[–] I_Has_A_Hat@lemmy.ml 9 points 1 year ago (1 children)

If it was always going to happen, now isn't really a bad time. Sure, a month ago would have been better, but people still haven't been here that long. If I wind up needing to migrate, and lose my current account, oh well. No big loss. I imagine others feel similar.

I was frustrated with the outage yesterday and created a new account on a different instance so I could still browse. Couple hours later I had all my subscriptions filled out and the experience is almost identical to my first account.

[–] rm_dash_r_star@lemm.ee 7 points 1 year ago

lemmy.ml is still up as of right now. Possibly they contracted a subscription to the domain name to keep it up. They had to do something to retain it otherwise the site would be unreachable. If lemmy.ml does have to change names it will be a hassle since I've got a good number of community subscriptions there.

This wouldn't happen to an instance with a regularly subscribed domain name. Problem is the .ml domains were free and the associated country decided to claim them back. The risk of using a free top level domain is something that should have been considered. I don't think it's worth the risk versus the cost savings considering how difficult it is to migrate a Lemmy instance.

[–] hunt4peas@lemmy.ml 12 points 1 year ago (3 children)

Shall I make an account in another instance?

[–] sab@kbin.social 16 points 1 year ago (2 children)

Never hurts. Could be a good opportunity to look around the threadiverse and see if you find anything interesting.

However, as it only affects the domain, I expect the Lemmy developers will manage to migrate user data to the new domain should lemmy.ml go down. So your account won't just disappear, but it might go down for a while. It might also affect communities hosted on .ml domains, as followers from other instances will not have the correct path any more.

[–] squaresinger@feddit.de 8 points 1 year ago

Yeah, they are actively working on functionality to migrate user accounts and other data between instances, so that they can use that functionality to migrate everything on an instance to another instance.

Since migrating data affects all the replicated data on other instances as well, I guess when they migrate lemmy.ml somewhere else, all of Lemmy will be down for a day or two, being just overloaded with all the migration stuff.

[–] hunt4peas@lemmy.ml 1 points 1 year ago

Thanks for the info.

[–] hellequin67@feddit.uk 2 points 1 year ago

I've migrated from fmhy to feddit.uk, luckily my subscriptions were on a cached web page soon was able to manually re-subscribe.

[–] Durotar@lemmy.ml 0 points 1 year ago (1 children)

Nope. Domains don't store data. They can change domain and keep all the data.

[–] redcalcium@c.calciumlabs.com 10 points 1 year ago* (last edited 1 year ago) (1 children)

Unfortunately, no.

Currently, activitypub identity is tied to domain name. While mastodon support migration as long as the old domain is still up during the migration process, AFAIK Lemmy doesn't even have a process to migrate an instance to a new domain yet.

So basically, if you switch your instance domain, you'll mess up all your federation network, unless Lemmy devs implement a solution soon.

[–] ahriboy@lemmy.dbzer0.com 1 points 1 year ago

Calckey.social will be transferring all data to new firefish.social, first in the Fediverse.

[–] Falldamage@lemm.ee 23 points 1 year ago* (last edited 1 year ago) (1 children)

I understand it as the Mali government is taking back all the domains after a subletting contract ran out. A lot of sensitive emails that should go to .mil (US military) has been typo-sent to .ml-addresses instead. Here's some more reading.

(I am very tired here and might have misunderstood everything, please correct me if I am wrong)

[–] JshKlsn@lemmy.ml 14 points 1 year ago (4 children)

Perhaps the military should have a system in place to not allow emails to be sent outside of very specific TLDs if it's that sensitive? And perhaps have an automated contact book, instead of relying on someone typing out the to: address manually to be able to make that mistake in the first place?

Seems like some very basic security measures for something so serious.

[–] Tywele@lemmy.dbzer0.com 3 points 1 year ago

Internally they do block that but the problem are people outside the network sending something to a .mil address and mistyping.

[–] darkdemize@sh.itjust.works 3 points 1 year ago

For most situations, there is a global address list that members can use. There are instances where emails need to be sent outside of the .mil domain though, such as to other government agencies that use a .gov, or to contractors on commercial domains, as well as to partner nations that will be on their own countries' domains.

[–] ShunkW@lemmy.world 1 points 1 year ago

Yeah that's super easy to integrate. I used to work in cyber security for a bank and even I was only allowed to send to internal domains initially. I had to file for exceptions for contractors and vendors and stuff.