this post was submitted on 30 Dec 2024
241 points (85.3% liked)

Technology

60261 readers
4427 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

Plebbit is a selfhosted, opensource, nonprofit social media protocol, this project was created due to wanting to give control of communication and data back to the people.

Plebbit only hosts text. Images from google and other sites can be linked/embedded in posts. This fixes the issue of hosting any nefarious content.

ENS domain are used to name communities.

Plebbit currently offers different UIs. Old reddit and new reddit, 4chanw, andhave a Blog. Plebbit intend to have an app, internet archive, wiki and twitter and Lemmy. Choice is important. The backend/communities are shared across clients.

you are viewing a single comment's thread
view the rest of the comments
[–] iopq@lemmy.world 1 points 6 days ago (1 children)

Nostr is not really federated because the servers just send data for you. Nobody calls the internet federated because the switches transfer your data

[–] ubergeek@lemmy.today 2 points 6 days ago (1 children)

Nobody calls the internet federated because the switches transfer your data

Actually, a lot of people refer to the internet as federated, because most all of it is very decentralized, and independently managed.

Take IP routes... The BGP table is a giant exercise in federation. Any transit provide can blackhole your traffic, or just refuse to accept the announcements (ie, a lot of places reject North Korean BGP announcements, for example).

DNS is another example of a federated system, a number of countries operate the root servers, who merely hold pointers to where to get answers for a TLD, which in turns just provides answers on who can provide answers for a domain.

You can even create your own TLDs, and use them!

Its a giant, federated system. The apps sitting on top of it are not so much anymore.

[–] MITM0@lemmy.world 1 points 6 days ago (2 children)

How does one create their own TLDs ? Do you have any guides or example videos on it ?

[–] pixelscript@lemm.ee 2 points 6 days ago

Technically all you need is a DNS server.

No computer knows where <whatever.tld> is located, unless that route is hard-coded in a host file somewhere. It always has to ask a DNS server for that information. If that DNS server doesn't know, it will probably try asking some other DNS server, and so on up a chain. Eventually, it reaches a master DNS server that either has the answer on-hand somewhere in a database, or it says, "lmao, that doesn't exist". All the DNS servers and your PC down the chain take that answer. They might memorize it for a little while and hand it out to anyone who asks them, but after a while they'll ask their way up the chain again to see if the answer has changed since the last time they asked.

In order to "create" a TLD, all you have to do is make a DNS server that doesn't ask up the chain. Just pre-program the list of valid domains yourself. You can make them anything you want. You can even "steal" existing domains and make them point to anywhere you want. Nothing is stopping you. Your DNS server will confidently report its pre-programmed answers to anyone who asks.

The catch is that any Internet-enabled device that you want to be able to use your fancy new custom domains needs to be configured to ask your DNS server in particular. People would have to manually set your DNS server as their master server to ask, or they'd have to set it to ask some other DNS server that is itself pointed through some chain up to your DNS server. This is an explicitly opt-in system, and getting a significant mass of people to do that voluntarily is practically impossible. But it's not technically impossible.

The only reason you don't have to do this manually with every single device you buy is because most devices either come from the manufacturer with a hard-coded list of DNS servers they should trust by default, or a device on the local network whispers in their ear and tells them who the local DNS server is and the device just goes along with it. It's still technically an opt-in system; devices are simply either already "pre-opted in", or there's a system running on your network that auto-opts-in every device that connects, and most devices are designed to accept that auto-opt-in the moment they detect it.

Provided you manage to get the devices you want to listen to your DNS server, you may additionally want to set up a root certificate authority. The thing that makes the little padlock show up in your browser URL box to let you know the connection is secure. Kind of like the DNS server thing, this is also very simple--just run a cheeky little OpenSSL command or two and you can be a root CA in no time--but it suffers from the same "opt-in" problem. You have to manually configure any device you want to use your system to trust your certificates. Most devices just come with a list of "acceptable authorities" built-in, and those defaults are all most people are using. But nothing is stopping you from adding anything you want to that list at any time. You're just limited to doing it on a device-by-device basis.

At my company, we've set up our own custom DNS server and our own root CA. We serve internal websites at a custom TLD we made up, and we sign them with our custom certificates to keep the connections secure. But that only works because we've manually configured our workstations to ask our internal DNS server for DNS requests, and we've manually configured all the workstations to trust our root certificate authority. A random device that connects to our network that isn't configured with either of those things will not resolve any of our custom domains, nor will it securely connect to them. It also breaks if the configured devices aren't on the local company network, since the DNS server isn't reachable from the public web. Which is fine for us, since those internal websites aren't reachable on the public web either. But yeah, that's an example of the limitations.

If you want to create a TLD that will be auto-accepted by everyone who is already running the default chains of trust (which is probably what most people actually mean when they ask something like this), you have to seek out the big daddy at the root of that chain of trust and ask them to poof your TLD into existence for you. That would be ICANN, and they probably won't do anything like that without a big fat check and a lot of corporate lobbying.

tl;dr - The tech is built in such a way that nothing is stopping you from making your own toy, and anyone can play with your toy without needing to do much. But if you want your TLD to "just work" for everyone in the world without asking every single one of them to explicitly opt-in, which is probably what you actually want, then no, you basically can't do that.

[–] ubergeek@lemmy.today 1 points 6 days ago

You spin up a root zone for your tld, and you point your machines at it, and whomever else is interested in using your TLD. Or, you pay ~50K to ICANN, and meet some technical requirements (Last I checked, its like 8 zone servers, in 5 different geographical locations, response time maximums, etc).

Alternativley, you can also work with OpenNIC to do this, as they already have a number of OpenNIC resolvers, root zones. For this, your name servers you run need to meet their Tier I requirements.