• grandkaiser@lemmy.world · ↑10 · 1 year ago · edited

    Hi, professional DNS engineer here! If anyone has any questions about the inner workings of DNS or top level domains, ask away! (THIS IS MY MOMENT)

    • Spruce1538@lemm.ee · ↑3 · 1 year ago · edited

      How can a server know exactly what domain name it was accessed from, or if it was accessed directly through the IP?

      To me, DNS was just words->IP and then the computer connects using the IP, so how would the server know what domain name was used?

      • grandkaiser@lemmy.world · ↑2 · 1 year ago

        They don’t know unless the DNS server tells them. For example, a very popular webhost, Akamai, uses a complex DNS + web hosting suite (DNS EdgeSuite to be exact) to send that type of data to the web servers. It can also allow for many, many other features.

    • jmanjones@lemmy.world · ↑2 · 1 year ago

      When I was taking my cyber security / ethical hacking class, we learned how to do a zone transfer. The concept never stuck and I basically “copied” from my friend. So what exactly is a DNS Zone Transfer?

      • grandkaiser@lemmy.world · ↑0 · 1 year ago

        Friday I was doing a zone transfer! What are the odds?

        A zone transfer is like moving houses, except for an authoritative zone.

        In DNS, we have what’s called an authoritative zone. That means the device hosting the “resource records” (all the data that DNS passes around) is the “ultimate” answer. I.e., it’s not cached data. It’s not a hosts file. It’s not a recursive answer. It’s the real deal.

        When you want to move the authoritative zone to another server, you do a “zone transfer”, which means the new server will copy all the resource records over TCP from the current authoritative zone. The reason you may want to do this instead of manually hand-jamming it is that many large organizations have, sometimes, hundreds of resource records (last month I coordinated a zone transfer that was over 1000 records!).
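
A defender's check to go with the explanation above, as an added example that is not code from the post or from BIND: since an AXFR hands the complete record set to whoever is allowed to ask, the thing to audit on an authoritative server is which hosts that is. The script scans a constructed BIND-style named.conf for zones whose `allow-transfer` is `any`, treats a zone without its own statement as inheriting the `options` block, and assumes BIND 9's historical default of `any` when neither says anything. The zone names, the `xfer-key` TSIG key and the file names are made up.

```python
"""Audit a BIND-style named.conf for zones whose AXFR policy lets any host
pull the whole zone. Added example; regex-based, over constructed config text."""
from __future__ import annotations
import re

# Constructed sample: one zone open to anyone, one limited to a TSIG key,
# one that inherits the global setting. The secret is a placeholder.
SAMPLE_CONF = """
options {
    allow-transfer { none; };
};
key "xfer-key" { algorithm hmac-sha256; secret "PLACEHOLDER_BASE64_SECRET="; };
zone "example.test" {
    type primary;
    file "db.example.test";
    allow-transfer { any; };
};
zone "internal.test" {
    type primary;
    file "db.internal.test";
    allow-transfer { key xfer-key; };
};
zone "legacy.test" {
    type primary;
    file "db.legacy.test";
};
"""

# A top-level 'options { ... };' or 'zone "name" { ... };' block, ended by a
# line that starts with '};'. Good enough for the layouts above, not a full parser.
BLOCK = re.compile(r'^(options|zone\s+"([^"]+)")\s*\{(.*?)^\};', re.S | re.M)
XFER = re.compile(r'allow-transfer\s*\{([^}]*)\}')


def classify(acl: str) -> str:
    """'open' = anyone may AXFR, 'closed' = nobody, 'restricted' = listed hosts/keys."""
    tokens = [t.strip() for t in acl.split(";") if t.strip()]
    if tokens == ["any"]:
        return "open"
    if not tokens or tokens == ["none"]:
        return "closed"
    return "restricted"


def audit(conf: str, implicit_default: str = "any") -> dict[str, str]:
    """Map each zone to its effective transfer policy. A zone without its own
    statement inherits the options block; if that says nothing either, the
    assumed default applies (BIND 9 has historically used 'any')."""
    blocks = BLOCK.findall(conf)
    global_acl = implicit_default
    for kind, _name, body in blocks:               # options first, wherever it sits
        if kind == "options" and (m := XFER.search(body)):
            global_acl = m.group(1)
    zones: dict[str, str] = {}
    for kind, name, body in blocks:
        if kind != "options":
            m = XFER.search(body)
            zones[name] = classify(m.group(1) if m else global_acl)
    return zones


def open_zones(conf: str) -> list[str]:
    """Zones that will serve a full transfer to any client: the ones to fix."""
    return sorted(z for z, v in audit(conf).items() if v == "open")


if __name__ == "__main__":
    for zone, verdict in audit(SAMPLE_CONF).items():
        print(f"{zone:15} allow-transfer: {verdict}")
```

The `internal.test` block is the corrected form: transfers are limited to a secondary that signs its request with the shared TSIG key, and the global `none` catches zones that were never given a policy. After changing a config, confirm the result from a host that is not on the list by requesting a transfer of your own zone and checking that the server refuses it.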

        • jmanjones@lemmy.world · ↑0 · 1 year ago · edited

          Why would a hacker want to conduct a zone transfer? In other words, what is the utility or usefulness of a zone transfer for a hacker (black or white hat)?

          • grandkaiser@lemmy.world · ↑1 · 1 year ago · edited

            If you initiate a zone transfer, you can now claim to be authoritative for a zone. That means you can be a ‘bad actor’ DNS server that serves fake records. In practice, this means that you can redirect people to an attack site.

            Let’s say you’re Joe the Random Internet User and you want to go to lemmy.world. This is what happens in a non-attack (we’re skipping caching & non-authoritative answers for brevity):

            1. You type “lemmy.world” into your browser
            2. Your computer initiates a stub resolution for lemmy.world. (the trailing dot here isn’t a period. It’s the “true” FQDN)
            3. Computer looks at hosts file and doesn’t see anything
            4. DNS packets are sent to your configured DNS server. If you don’t have one configured, DHCP already configured it for you
            5. Your DNS server performs a recursive search for world by asking the root zone where the “world” Name Server is
            6. root zone resolves world as:

            world. 3600 IN NS v0n0.nic.world.
            world. 3600 IN NS v0n1.nic.world.
            world. 3600 IN NS v0n2.nic.world.
            world. 3600 IN NS v0n3.nic.world.
            world. 3600 IN NS v2n0.nic.world.
            world. 3600 IN NS v2n1.nic.world.

            7. Your DNS server reaches out to one of those Name Servers (That’s what the NS record is for) and asks it where “lemmy” is
            8. world Name Server responds with:

            lemmy.world. 300 IN A 172.67.218.212
            lemmy.world. 300 IN A 104.21.53.208

            9. Your DNS server contacts your computer and serves it those IP addresses. (A records are domain name to IP Address)

            Now let’s say there’s a DNS spoof attack:

            1. Before the “world” server can get back to your DNS server, the hacker’s server interjects with its own authoritative claim that lemmy is here:

            lemmy.world. 300 IN A [attack site IP]

            2. Your DNS server contacts your computer and serves it that IP address. Your computer then contacts the attack site and you get a virus.
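
The walk-through above as an added example, not code from the post: a Python simulation over constructed zone data. The NS and A records are the ones quoted in the post; the server addresses (192.0.2.x, RFC 5737 documentation space), the glue record, the port numbers and the attack-site address 203.0.113.66 are made up. The resolver iterates from the root the way the post describes and, on the defender's side, shows the checks a resolver applies before it trusts a reply: transaction ID, destination port, source address and question must all match the query it sent. A forged reply that lands first but cannot know the random ID and port is discarded. These checks only make forging harder, which is why DNSSEC (signed records) exists; the example does not model that.

```python
"""Iterative DNS resolution over constructed zone data, plus the checks a
resolver applies before it trusts a reply. Added example, not from the post."""
from __future__ import annotations
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    name: str
    ttl: int
    rtype: str
    rdata: str


def parse_zone(text: str) -> list[RR]:
    """Parse 'name ttl IN type rdata' lines, the layout used in the post."""
    out = []
    for line in text.strip().splitlines():
        name, ttl, _cls, rtype, rdata = line.split()
        out.append(RR(name.lower(), int(ttl), rtype, rdata.lower()))
    return out


# Constructed data: the NS and A records are the ones quoted in the post; the
# server addresses (RFC 5737 documentation space) and the glue record are made up.
ROOT_IP, WORLD_IP = "192.0.2.1", "192.0.2.2"
ZONES = {
    ROOT_IP: parse_zone("""
        world. 3600 IN NS v0n0.nic.world.
        world. 3600 IN NS v0n1.nic.world.
        world. 3600 IN NS v0n2.nic.world.
        world. 3600 IN NS v0n3.nic.world.
        world. 3600 IN NS v2n0.nic.world.
        world. 3600 IN NS v2n1.nic.world.
        v0n0.nic.world. 3600 IN A 192.0.2.2
    """),
    WORLD_IP: parse_zone("""
        lemmy.world. 300 IN A 172.67.218.212
        lemmy.world. 300 IN A 104.21.53.208
    """),
}


@dataclass(frozen=True)
class Query:
    txid: int        # random 16-bit transaction ID
    qname: str
    qtype: str
    server_ip: str   # where the query went
    src_port: int    # random source port; a forger has to guess both


@dataclass(frozen=True)
class Response:
    txid: int
    qname: str
    qtype: str
    from_ip: str
    to_port: int
    answers: tuple[RR, ...]


def lookup(server_ip: str, qname: str, qtype: str) -> list[RR]:
    """Authoritative answer: exact match, else a referral (NS records of the
    closest enclosing zone this server knows, plus their glue A records)."""
    zone = ZONES[server_ip]
    exact = [r for r in zone if r.name == qname and r.rtype == qtype]
    if exact:
        return exact
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):
        parent = ".".join(labels[i:]) + "."
        ns = [r for r in zone if r.name == parent and r.rtype == "NS"]
        if ns:
            targets = {r.rdata for r in ns}
            return ns + [r for r in zone if r.rtype == "A" and r.name in targets]
    return []


def send(q: Query) -> Response:
    """The honest path: the queried server answers the query it received."""
    return Response(q.txid, q.qname, q.qtype, q.server_ip, q.src_port,
                    tuple(lookup(q.server_ip, q.qname, q.qtype)))


def accept(q: Query, r: Response) -> bool:
    """Use a reply only if every field ties it to the outstanding query."""
    return (r.txid == q.txid and r.to_port == q.src_port and r.from_ip == q.server_ip
            and (r.qname, r.qtype) == (q.qname, q.qtype))


def resolve(name: str, qtype: str = "A", arrivals=None) -> tuple[list[str], int]:
    """Iterate from the root, following referrals. `arrivals(query)` returns the
    replies seen on the socket, in order (default: only the honest one).
    Returns (rdata list, number of replies discarded by accept())."""
    arrivals = arrivals or (lambda q: [send(q)])
    qname = name.lower().rstrip(".") + "."
    server, rejected = ROOT_IP, 0
    for _hop in range(8):
        q = Query(secrets.randbelow(1 << 16), qname, qtype, server,
                  1024 + secrets.randbelow(64000))
        resp = None
        for candidate in arrivals(q):          # first acceptable reply wins
            if accept(q, candidate):
                resp = candidate
                break
            rejected += 1
        if resp is None:
            raise RuntimeError(f"no acceptable reply from {server}")
        answers = [r.rdata for r in resp.answers if r.name == qname and r.rtype == qtype]
        if answers:
            return answers, rejected
        ns_targets = {r.rdata for r in resp.answers if r.rtype == "NS"}
        glue = [r for r in resp.answers if r.rtype == "A" and r.name in ns_targets]
        if not glue:
            raise RuntimeError("referral without glue (not modelled here)")
        server = glue[0].rdata
    raise RuntimeError("too many referrals")


def spoofed_arrivals(q: Query) -> list[Response]:
    """The spoof scenario's step 1 on the wire: a reply that lands before the
    world server's, with the right name and a spoofed source address, but a
    guessed ID and port (53, which never matches our random port, so the demo
    is deterministic). The attack-site address is constructed."""
    if q.server_ip != WORLD_IP:
        return [send(q)]
    forged = Response(0x1234, q.qname, q.qtype, q.server_ip, 53,
                      (RR(q.qname, 300, "A", "203.0.113.66"),))
    return [forged, send(q)]


if __name__ == "__main__":
    print(resolve("lemmy.world"))                              # honest path
    print(resolve("lemmy.world", arrivals=spoofed_arrivals))   # forged reply dropped
```

`rejected` is the count a real resolver would log; a burst of mismatched replies for one name is the signal to alert on. Note that `accept()` is the only thing standing between the forged record and the cache, and its strength is exactly the entropy of the ID and port fields.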
    • letsalllovelain@discuss.tchncs.de · ↑2 · 1 year ago

      Hi! When DNS servers are launched, they have to be purchased, correct? So in this case, did Mali file for the domain to be reclaimed somehow? Do you have an idea how that might work?

      • toasteecup@lemmynsfw.com · ↑3 · 1 year ago

        I can answer this. The organization that says Mali owns .ml gives the ownership country a lot of sway.

        So if the country of Mali were to reach out formally to the organization and say “hey, this domain violates our laws”, they would take that very seriously and then work with the registrar & authoritative nameserver owner to handle the situation.

        I’m sure this isn’t 100% accurate, but 90-95% based on my work in a web hosting company.

        • grandkaiser@lemmy.world · ↑2 · 1 year ago

          It’s a little stronger than that. The country gets the final say on where the root zones point to when it comes to their assigned country code. Many countries employ private organizations to handle their TLD. They aren’t supposed to be paid for that though. (But it 1000% happens under the table)

      • grandkaiser@lemmy.world · ↑3 · 1 year ago · edited

        Also, if you’re genuinely interested in this field, first you should enter the world of enterprise network engineering. Get Security+, CCNA, and PCNSA. With those certs in hand (and knowledge in your brain), apply to jobs as a network support engineer. Do the work for a few years. Learn BIND. Learn Infoblox. Focus on learning DHCP and subnetting. Learn DNSSEC & IPv6. Experiment with a Pi-hole. Set up a home lab. Apply to jobs with DNS. Start living the good life. This takes about 10 years if you learn fast and are good at interviews.

        • sol87@lemmy.world · ↑1 · 1 year ago

          I only just now saw this post. The last month I have already been going all out to learn everything that I need for my Security+ (then CySec+). I have a 30hr video course I’m part way through, and I’ve set up a few VMs with various servers like OWASP Security Shepherd and Damn Vulnerable Web App for some more hands-on experience, as well as testing on my personal production Nextcloud and Jellyfin servers, and I’ve been having a lot of fun with it all. I think I’m pretty solid with DHCP and subnetting already through my home networking adventures. I will look into each of those other certs and each thing you mention to learn, thank you! I’ve been deep into various Linux systems since about 2008 and I’m hoping to leverage that as much as I can (although it’s left me with a lack of modern Windows experience).

          Thank you so much for all the tips! I feel some good things coming as I’m getting into this as work.

      • grandkaiser@lemmy.world · ↑1 · 1 year ago

        Ah, thanks for the info! I have no idea how Lemmy stuff works. I only became aware of Lemmy last month.

    • anlumo@feddit.de · ↑1 · 1 year ago

      We had a situation at a shared space here where an OpenWRT client device accidentally somehow managed to announce itself into the network in a way that its v6 local link address (fe80::) got inserted into /etc/resolv.conf as a third DNS option (with the first two being the ones from DHCP) and then served incorrect records when queried. What mechanism is that and were the engineers who designed that feature on drugs? Also, how can I tell my Linux system to not accept such announcements?

    • starman@programming.dev · ↑0 · 1 year ago

      So, how do some companies get the right to sell TLDs? Can I start selling TLDs nowadays? It’s just that they were there first and got all the top level domains and now we have to pay for it?

      Thanks in advance.

    • lazylion_ca@lemmy.ca · ↑0 · 1 year ago

      1. Could users set a temporary entry in their hosts file pointing the .ml domains to public IPs in order to regain access to their account if they needed to?

      2. Can Lemmy federate to an IP address directly or will the settings only accept an fqdn?

      3. Will a Lemmy instance work behind a reverse proxy?

      Thanks for taking the time to answer questions.

      • grandkaiser@lemmy.world · ↑1 · 1 year ago

        1. Yes. Unless there’s some kind of crazy domain-level hi-jinks involved with Lemmy (I am not versed in Lemmy), pointing directly to the IP will work if you bypass it by spoofing your DNS (Hosts file, for example).
        2. I don’t know how Lemmy federation works, sorry :(
        3. See #2

        Sorry that I couldn’t answer more of your questions.

      • sol87@lemmy.world · ↑1 · 1 year ago

        There are several problems with this, including a total lack of SSL without the proper cert for that other domain. Also, Lemmy.ml’s IP seems to be running a reverse proxy, so the internal IP that we would want to connect to is not visible to the world; this is common for web security. The owners must set allowed domains and ports in their config file.

        If none of that was a problem Lemmy itself does not do well with changing domains, as highlighted here: https://lemmy.nrd.li/comment/190200

      • MimicJar@sh.itjust.works · ↑2 · 1 year ago

        The “.com” and “.org” and all other Top Level Domains are owned/controlled by some organization.

        Com and org are your original TLDs, so since they were around first you see them everywhere. At some point countries got their own TLDs so Mali got “ml” for example but Tuvalu got “tv”. (Yes, technically “.tv” has nothing to do with television.) And a few years back there was open bidding for a bunch of new TLDs which is where “.sport” or “.dentist” come from.

        Anyway, some entity owns/controls them and then can sell any word or domain under it. So if you want “greatgatsby.com” you have to talk to the “.com” owners. If you want “greatgatsby.sport” you talk to the “.sport” owners. Usually there is another company or agreement that groups these together so you can manage all your domains in one place.

        So anyways now you own a domain like “greatgatsby.sport”, what do you want to host? Mail at “mail.greatgatsby.sport”? A website at world wide web aka “www.greatgatsby.sport”? Up to you.

        Over time, largely by convention “www” became where you put your website.

        From there you have two options: you can set up a redirect from “http://greatgatsby.sport” to “http://www.greatgatsby.sport”, or you can do a little hosting “trick” and just make “http://greatgatsby.sport” return your website.

        • grandkaiser@lemmy.world · ↑1 · 1 year ago

          Btw, .com is owned by the US Department of COMmerce. .org is owned by a non-profit organization called “Public Internet Registry”

        • tchotchony@mander.xyz · ↑0 · 1 year ago

          So say I want a “.travel”, who actually makes and sells these? Is it a private company? A country? An independent entity whose sole purpose it is to keep domains and the interwebs alive?

          • MimicJar@sh.itjust.works · ↑0 · 1 year ago

            The last one, ICANN is the name of the organization. It’s reasonable to argue they are actually the first one. Also they are based in the US, so technically the country answer also applies. HOWEVER, they are supposed to be independent.

            Also since you want “.travel” that’s a common enough word that it is probably already owned by an entity, so you would probably have to buy it from them.

            However let’s say you wanted “.tchotchony” which I feel confident saying doesn’t exist yet. As far as I know ICANN is not regularly taking applications for new TLDs, so you probably can’t have it. Although realistically if you have enough money, you can.

            • grandkaiser@lemmy.world · ↑2 · 1 year ago

              Well, it’s not just a money issue. There’s also the “are you knowledgeable, responsible, and have DNS engineers on staff” problem. If you own your own TLD, it means you can talk directly to the root zone. You could theoretically DDOS the root zone servers and cause them to crash. They would, of course, just revoke your TLD permanently & it wouldn’t really cause any noticeable disruption to the rest of the internet. You could also allow attack domains or shady websites. Maybe it could be used to pretend to be another site. Imagine owning “.conn” that would be a premium attack site TLD because it looks like “com”. There’s lots of other issues too.

      • grandkaiser@lemmy.world · ↑1 · 1 year ago · edited

        To answer your other question: most likely, www.cakefarts.com is now accessible from cakefarts.com for one of three reasons:

        1. Your web browser automatically checks the A record “www” if “cakefarts.com” doesn’t have an A record. A records are the records in a DNS server that says “this domain goes here”
        2. The site cakefarts.com put their website on cakefarts.com and placed a CNAME record called “www” that points to cakefarts.com
        3. cakefarts.com has an APEX record that points to www.cakefarts.com

        For the ‘record’, www is just a really common record name. There’s nothing special about it. You could have dudebro.cakefarts.com or wwwwwww.cakefarts.com. It’s up to the domain owner.
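
The three layouts above turned into a check, as an added example that is not from the post: it parses a zone in the `name ttl IN type rdata` layout used earlier in the thread, reports which arrangement the apex and `www` use, follows CNAMEs to the final addresses the way a resolver would, and flags a CNAME at the apex, which DNS does not permit because the apex also has to carry the SOA and NS records (the trap behind reason 3 when it is done literally rather than through a provider-side alias feature). The zone contents are constructed; cakefarts.com is the post's own hypothetical name and the addresses come from RFC 5737 documentation space.

```python
"""Report how a zone serves its apex and its 'www' name, and flag the layout
that is not valid DNS (a CNAME at the apex). Added example, not from the post."""
from __future__ import annotations

# Constructed zones for the post's cakefarts.com example (RFC 5737 addresses).
GOOD_ZONE = """
cakefarts.com. 3600 IN SOA ns1.cakefarts.com. hostmaster.cakefarts.com. 1 7200 3600 1209600 300
cakefarts.com. 3600 IN NS ns1.cakefarts.com.
cakefarts.com. 300 IN A 192.0.2.10
www.cakefarts.com. 300 IN CNAME cakefarts.com.
"""
BAD_ZONE = """
cakefarts.com. 3600 IN SOA ns1.cakefarts.com. hostmaster.cakefarts.com. 1 7200 3600 1209600 300
cakefarts.com. 3600 IN NS ns1.cakefarts.com.
cakefarts.com. 300 IN CNAME www.cakefarts.com.
www.cakefarts.com. 300 IN A 192.0.2.10
"""


def parse_zone(text: str) -> list[tuple[str, str, str]]:
    """'name ttl IN type rdata' -> (name, TYPE, rdata); TTL and class are dropped."""
    out = []
    for line in text.strip().splitlines():
        name, _ttl, _cls, rtype, rdata = line.split(None, 4)
        out.append((name.lower(), rtype.upper(), rdata))
    return out


def records(recs, name: str, rtype: str) -> list[str]:
    return [rd for n, t, rd in recs if n == name and t == rtype]


def resolve_a(recs, name: str, depth: int = 0) -> list[str]:
    """Follow CNAMEs (bounded) until A records are found, as a resolver would."""
    if depth > 8:
        raise RuntimeError("CNAME chain too long or looping")
    a = records(recs, name, "A")
    if a:
        return a
    cname = records(recs, name, "CNAME")
    return resolve_a(recs, cname[0].lower(), depth + 1) if cname else []


def describe_site(zone_text: str, apex: str) -> dict:
    """Which of the post's layouts the zone uses, where each name ends up,
    and any record combinations that are not valid."""
    apex = apex.lower().rstrip(".") + "."
    www = "www." + apex
    recs = parse_zone(zone_text)
    problems = []
    other_at_apex = sorted({t for n, t, _ in recs if n == apex and t != "CNAME"})
    if records(recs, apex, "CNAME") and other_at_apex:
        problems.append(f"CNAME at apex conflicts with {other_at_apex}")
    if records(recs, www, "CNAME") and records(recs, www, "A"):
        problems.append("www has both CNAME and A records")
    if records(recs, apex, "A") and records(recs, www, "CNAME"):
        layout = "apex A; www is a CNAME to the apex"        # reason 2
    elif records(recs, apex, "A") and records(recs, www, "A"):
        layout = "apex and www both have A records"
    elif records(recs, apex, "CNAME"):
        layout = "apex is a CNAME to another name"            # reason 3, taken literally
    elif records(recs, www, "A"):
        layout = "www only; the bare name has no address"     # reason 1's starting point
    else:
        layout = "other"
    return {"layout": layout, "apex": resolve_a(recs, apex),
            "www": resolve_a(recs, www), "problems": problems}


if __name__ == "__main__":
    for label, zone in (("good", GOOD_ZONE), ("bad", BAD_ZONE)):
        print(label, describe_site(zone, "cakefarts.com"))
```

Both sample zones send a browser to the same address, which is why the apex-CNAME mistake is easy to miss until a compliant authoritative server refuses to load the zone or mail for the domain starts failing; the check makes it visible before that.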

    • widdle@lemmynsfw.com · ↑0 · 1 year ago

      How does the TLD get reclaimed? I’m assuming whoever was previously the “owner” of the .ml tld was on board and Mali didn’t just come along and snatch it away?

      • grandkaiser@lemmy.world · ↑1 · 1 year ago · edited

        So here’s the thing about TLDs: ownership of them is determined by IANA (Internet Assigned Numbers Authority). They’re basically my career’s gods. If they tell me to jump, I ask “how high”. They control the DNS root zone. Effectively, that’s the actual top-level of ALL domains. If they decide to remove a TLD or reassign it, all you can do is lodge a complaint straight to their shredder. They’re owned and operated by ICANN, a non-profit organization.

        Back in 2013, Mali allowed a private Netherlands company to “manage” (rent) their TLD, .ML. Recently, that company (Freenom) got sued by Meta. Even though I don’t really like Meta, as a network engineer, I don’t like Freenom even more. They turn a blind eye to bad actors on the internet, refuse to investigate hackers/scammers/DDOSers, and generally refuse to play ball. They are a huge pain in the ass. Due to the lawsuit, IANA reassigned ML to Mali since they asked for it. At the end of the day you “can’t” sell a country-level TLD. Mali was renting it to Freenom under the table. This happens a lot and IANA usually just looks the other way. .io for example is the freakin’ Indian Ocean.

        So yeah, Mali didn’t “snatch” it. They just asked IANA to reassign it and there isn’t shit Freenom can do about it since they never “really” owned it in the first place.

  • Dr. Moose@lemmy.world · ↑10 · 1 year ago

    The argument for the .ml domain has always been absurd to begin with. So it’s free, but the price you pay is that it’s being run by Mali. I’d just drop $8/year tbh, that’s not a hill you want to die for. Also you harm your project by being SEO punished for using spam-associated TLDs like this. One of the reasons original Lemmy took so long to adopt until Reddit’s API drama. Pretty dumb ngl.

    • Wispy2891@lemmy.world · ↑7 · 1 year ago

      If i remember right it was also “free to register but insanely expensive to renew once they start to see traffic”

      • steltek@lemm.ee · ↑5 · 1 year ago

        Renewal costs are my primary consideration when picking domains. Subscription fees are how your money disappears when you’re not looking.

        • Corkyskog@sh.itjust.works · ↑1 · 1 year ago

          Anyone know how companies get the rights to domains to sell in the first place? Do they literally submit a list of all domains to ICANN or something? Sorry if this is a stupid question, I just never understood how any of this really works.

          • emergencyfood@sh.itjust.works · ↑1 · 1 year ago

            ICANN hands out top-level domains (TLDs, such as .com, .org and .ml), either to organisations or government agencies. They, in turn, hand out secondary domains to companies or regional organisations. For example, the TLD .jp belongs to the Japanese government and is operated by an agency called Japan Registry Services. In turn, it hands out the .tokyo.jp secondary domain to the Tokyo Metropolitan government. They, in turn, manage domains for various departments, wards, etc.

            But individuals and businesses in Tokyo can also use the .tokyo TLD, which is owned by a private company called GMO Internet Group. And of course anyone can use .com or .org, although you may have to pay a pretty big fee.

          • steltek@lemm.ee · ↑1 · 1 year ago

            TLD - Top Level Domain (.com .ml .whatever)

            Registrar - NameCheap, PorkBun, etc. Submits your domain.TLD request to a Registry

            Registry - Maintains the list of domains for a specific TLD and the server infrastructure to run the TLD

            ICANN - Decides who can be a Registry and for which TLD. Not involved in the nitty gritty of individual domain names.

  • Rob T Firefly@lemmy.world · ↑6 · 1 year ago

    Link to the actual post OP screenshotted: https://very.bignutty.xyz/notes/9hf13it1ced3b2za

    Screenshots of text are not the way. The crappy “hey, a text thing I want to share, let me take an accessibility-poisoning screenshot and upload that graphic file like a psychopath instead of just copy/pasting either the link to the text or the text itself like a decent human being” routine needs to die with Reddit, we have to be better than that here.

    • phx@lemmy.ca · ↑3 · 1 year ago

      Screenshots of text preserve the state of the text at the time it was seen…

      Yes, it’s not good for accessibility but it’s a good way to quickly capture a moment in time.

      (I would recommend perhaps also copy/pasting a synopsis for people who might be vision impaired etc)

        • phx@lemmy.ca · ↑1 · 1 year ago

          That’s kinda what I was saying? Include the snapshot but also the original text body as a copy/paste for those using screen-readers or other such tools

    • Jeena@jemmy.jeena.net · ↑1 ↓1 · 1 year ago

      Screenshots stay with time, I hate it when I arrive a bit later and the link is already dead and I have no idea what it said.

        • Obi@sopuli.xyz · ↑1 · 1 year ago

          Image in the post, text+link in the description, everyone happy.

      • Cyyy@lemmy.world · ↑2 · 1 year ago

        …except when the image hoster suddenly dies and 10000s of Screenshots suddenly vanish from the internet and all howto’s etc are killed by it

        • Jeena@jemmy.jeena.net · ↑1 · 1 year ago

          That’s why you shouldn’t use external image hosters but embed the picture the normal way. Then if the Lemmy instance dies, the screenshot dies with it, but not separately.

          • Cyyy@lemmy.world · ↑1 · 1 year ago · edited

            Well, often web projects don’t have that much money, and hosting communities who post a lot of images, videos etc. costs a lot of money. Because of that, a lot of users use image hosters to bypass this issue.

      • hypelightfly@lemmy.world · ↑1 · 1 year ago

        Copy/pasted text stays with time too and doesn’t have the issues that pictures of text do. Also hosted images disappear all the time.

      • Rob T Firefly@lemmy.world · ↑1 · 1 year ago · edited

        And then play that video on your screen, take a video of that screen with your phone while shaking the phone around and mumbling over the audio, and upload that phone video to TikTok.

    • whoamibro@lemmy.world · ↑0 · 1 year ago

      Accessibility should be enhanced to read text from an image. The end user shouldn’t care about how he should share information. How hard is it to read a font from a text?

        • whoamibro@lemmy.world · ↑0 ↓1 · 1 year ago

          If the source is already in text (perfectly accessible), why should we make an image out of it? That’s like saying let’s email a document, but instead of the original doc file, let’s print them out, scan, and then send the pdf of those images instead.

          That is not a correct analogy because printing and scanning a document is less convenient than just forwarding the email. But here, most people are comfortable taking a ss and share it. That’s what they’re learnt. So they keep doing that.

          My man, you just don’t know how crappy OCR can be with non-latin alphabet writing systems, especially Chinese characters.

          That’s why the OCR tools have to be improved. They should at least be able to read the top 10 most used fonts in a language without issues.

      • Rob T Firefly@lemmy.world · ↑1 · 1 year ago · edited

        So copy/paste the text, and link the original.

        In the case of this post, the ability to go to the original and learn the further info added by the author in subsequent posts is of use.

          • jackoneill@lemmy.world · ↑0 ↓1 · 1 year ago

            We should copy paste the text, post a screenshot as an attachment, and a link, and then carve the screenshot into a stone tablet to be put on display in the basement of the british national history museum

            holy shit guys, just post the data however the fuck is easiest

  • cakeistheanswer@lemmy.world · ↑4 · 1 year ago

    Well kinda feels like my house burned down.

    Hopefully the push towards some kind of direct migration comes on the heels of this.

    • Ddhuud@lemmynsfw.com · ↑2 · 1 year ago

      It’s one of the 5 TLD (now 4 I guess) that are free. The others being .tk, .ga, .cf and .gq

      We need free TLDs.

    • RFBurns@lemmy.world · ↑1 ↓1 · 1 year ago

      I wonder if it was done on purpose after it came out that the Pentagon had typo’d “.ml” instead of ‘.mil’ and exposed a lot of sensitive emails…

      • 100@lemm.ee · ↑2 · 1 year ago

        Highly doubtful much of anything majorly sensitive got leaked. Firstly even unclassified DoD emails are encrypted by default. Secondly anything classified isn’t even on a network that can talk to normal email, it’s either 100% point to point encrypted or on an airgapped network. If I hopped on SIPR (DoD Secret-level internet) and emailed a normal email address it simply wouldn’t work.

        • SineNomineAnonymous@lemmy.ml · ↑2 · 1 year ago · edited

          You highly overestimate the US army.

          Reminder that the most recent leak was done by a guy who just wanted to be right on Discord.

        • AphoticDev@lemmy.dbzer0.com · ↑2 · 1 year ago

          That doesn’t stop somebody from being an idiot and mentioning something classified in clearnet communications. Never underestimate the power of stupidity.

  • Gamey@lemmy.world · ↑2 · 1 year ago

    The domain bs is an interesting case of scummy practices in general, .tv was misused in a similar way with awful contracts, essentially scamming an already incredibly poor country!

    • abbotsbury@lemmy.world · ↑1 · 1 year ago

      Didn’t Tuvalu massively benefit from being assigned a TLD that is popular? I read they were able to build an airport with .tv money

      • Gamey@lemmy.world · ↑1 · 1 year ago

        Yea, they managed to get it back at some point but it was under external control with close to no benefit for them for a long time!

      • ProfezzorDarke@feddit.de · ↑1 · 1 year ago

        They reclaimed many domain rights and are now renting them out for big money, yeah. They were still scammed off by many.

    • anlumo@feddit.de · ↑0 · 1 year ago

      TLDs are a non-tangible arrangement of characters that are defined by a committee at a whim. The countries they are given to have not contributed anything to make them worth more. I don’t see how that can be seen as a scam when they don’t get free money based on a random decision by someone outside of their country.

      • Gamey@lemmy.world · ↑0 · 1 year ago

        That’s not actually true, the guy who made them originally was from the West and those countries didn’t contribute because they had no chance of any digital infrastructure yet, but top level country domains use characters from the corresponding country’s name and those are all determined in the same way, so you essentially use their name without their permission or based on sketchy and scummy legally binding agreements!

        • Takumidesh@lemmy.world · ↑1 ↓1 · 1 year ago

          If you tried to trademark any of these tlds, it would fail horribly.

          TV, ML, IO etc are literally just two letter combinations and they are descriptive by nature. There is no real way to claim ownership on just two letters, especially when they have an accepted understanding as being geographically descriptive.

          If you could do this, concepts such as maps would also be infringement.

          Additionally, the IANA is who is in charge of assigning TLDs, which is in turn controlled by ICANN. IANA gets to appoint trustees for country code TLDs and has the authority to take that control back.

          IANA is based in the United States (though it has stakeholders globally) and has the authority to revoke a TLD (unlikely to happen, but well within their rights and control) and, more likely, to re-delegate control to another authority if they found the currently appointed trustee to be abusing the control of the TLD.

  • db2@lemmy.one · ↑2 · 1 year ago

    This brings a disturbing thought to mind… if an instance domain name like foo.bar lapses and someone else snaps the domain up (or if it gets stolen), can the new controller plop Lemmy on a server and be instantly federated? If so, what kind of damage could they do?

      • Saik0@lemmy.saik0.com · ↑0 · 1 year ago

        That’s an assumption that Lemmy will quit federating with a server that does not match.

        And what signature are we talking about anyway? Is not certificates…

        • Wander@yiffit.net · ↑1 · 1 year ago

          Activitypub signatures that each user and group sends out their messages with.

              • Saik0@lemmy.saik0.com · ↑1 · 1 year ago

                So looking at that spec… Nothing there validates that current messages originate from an “original” server…

                I don’t think either of these signature options for server-to-server communications means that my current lemmy.saik0.com instance can’t be torn down (delete LXC container) and reconfigured as a brand new instance (new LXC container) without other instances knowing that there’s been a change to the instance running here… or, more accurately, without them flagging a change. I think these signatures are all about not being able to spoof OTHER instances, e.g. lemmy.ml can’t send messages on behalf of lemmy.world.

                • priapus@sh.itjust.works
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  I assumed that once federated the public key would be remembered and signatures that do not match it would be handled, but you may be correct. I do wonder whether this could be a problem as instances close down over time. I’ll have to spend some more time researching to see if there’s a clearer answer, or if any ActivityPub implementations have their own way of handling that situation.
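As an added illustration of the "remember the public key" idea discussed in this sub-thread (this is constructed example code, not Lemmy's code, and not a claim about what any ActivityPub implementation actually does), here is a trust-on-first-use pin store that parses the keyId out of an HTTP Signature header and reports when a remote actor starts presenting a different key than the one first seen, which is exactly what a torn-down-and-rebuilt instance would look like. The actor URL, PEM strings and key store are all made up for the demo, and signature verification itself is assumed to happen elsewhere.

```python
"""Trust-on-first-use (TOFU) pinning of remote ActivityPub signing keys.

Constructed illustration: not Lemmy's code and not a description of any
real implementation. Keys and actor URLs below are made up.
"""
import hashlib
import re
from dataclasses import dataclass, field

# Parameters of an HTTP Signature header as commonly used with ActivityPub:
#   keyId="https://example.org/u/alice#main-key",algorithm="rsa-sha256",
#   headers="(request-target) host date digest",signature="base64..."
_PARAM_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_signature_header(value: str) -> dict:
    """Split the header into its quoted key=value parameters."""
    params = dict(_PARAM_RE.findall(value))
    missing = {"keyId", "signature"} - set(params)
    if missing:
        raise ValueError(f"Signature header missing {sorted(missing)}")
    return params


def actor_from_key_id(key_id: str) -> str:
    """keyId is the actor URL plus a fragment naming the key."""
    return key_id.split("#", 1)[0]


def fingerprint(public_key_pem: str) -> str:
    """SHA-256 over the PEM with all whitespace removed, so a re-wrapped
    copy of the same key compares equal to the original."""
    return hashlib.sha256("".join(public_key_pem.split()).encode()).hexdigest()


@dataclass
class KeyPinStore:
    """Maps actor URL -> fingerprint of the key seen on first contact."""
    pins: dict = field(default_factory=dict)

    def check(self, signature_header: str, fetched_pem: str) -> str:
        """Classify the key an actor presents now as NEW, MATCH or CHANGED.

        fetched_pem is the publicKeyPem the receiver fetched from the actor
        document at keyId. Verifying the signature bytes is out of scope."""
        params = parse_signature_header(signature_header)
        actor = actor_from_key_id(params["keyId"])
        fp = fingerprint(fetched_pem)
        pinned = self.pins.get(actor)
        if pinned is None:
            self.pins[actor] = fp
            return "NEW"
        if pinned == fp:
            return "MATCH"
        # Deliberately not overwriting the pin: accepting a new key should be
        # an explicit, admin-reviewed step, not a silent update.
        return "CHANGED"


# --- constructed demo data (not real keys, not a real instance) -----------
SIG = ('keyId="https://lemmy.example/u/alice#main-key",algorithm="rsa-sha256",'
       'headers="(request-target) host date",signature="AAAA"')
KEY_V1 = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A\n-----END PUBLIC KEY-----\n"
KEY_V1_REWRAPPED = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkq\nhkiG9w0BAQEFAAOCAQ8A\n-----END PUBLIC KEY-----"
KEY_V2 = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8B\n-----END PUBLIC KEY-----\n"


def demo() -> list:
    """First contact, same key re-wrapped, then a rebuilt instance's new key."""
    store = KeyPinStore()
    return [store.check(SIG, KEY_V1),            # NEW
            store.check(SIG, KEY_V1_REWRAPPED),  # MATCH
            store.check(SIG, KEY_V2)]            # CHANGED
```

What the receiver does on CHANGED (quarantine the actor's messages, alert the admin, require a manual re-pin) is a policy choice; the point is only that the change is visible rather than silently accepted.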

    • lolcatnip@reddthat.com
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      This is why you don’t let your domain registration lapse. It’s not the only way computers on the internet verify each other’s identity, but a hell of a lot of internet security features are based around domain names, so keeping yours functioning is a very big deal.

      • finn@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Domain registration ≠ internet security. Root of trust is in cryptographic keys, not domains. DNS is not the security cornerstone you make it out to be. PKI says hi!

    • hemmes@lemmy.world
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      ICANN has an Expired Registration Recovery Policy (ERRP) that requires your registrar to give your domain a 30-day grace period before deleting the records. ERRP also requires them to shut down your DNS resolution 8 days before deletion.

      You’d have to be really mismanaging your domain if you miss all the required email reminders and don’t notice your domain has been non-functional for a couple of days.

  • LordShrek@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    this is why instances should be abstracted away as underlying infrastructure and the users don’t have to think about “instances”. accounts and communities are replicated across servers.

    • shrugal@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      This is not the solution! Being able to pick a server to trust your data and content moderation with is a feature, not a bug.

      What we do have to do is make this feature more resilient and easier to use. Like adding the ability to easily transfer accounts and communities between instances, or even change the domain name of an entire instance.

      • LordShrek@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        1 year ago

        no, you’re misunderstanding. that shouldn’t be how it works. there shouldn’t be any difference between the software on each instance such that it makes your data insecure. this is how bitcoin works. this is why anyone can spin up a bitcoin instance and have it start contributing to the bitcoin blockchain and you as a user don’t have to “trust” that particular node. trust is built into the distributed software architecture. you don’t “choose” a set of bitcoin nodes. you don’t “choose” your CDN or DNS servers.

        • shrugal@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          Cryptocurrencies and social platforms are completely different beasts. In crypto I want no moderation/censorship, I want anonymity, and there is a payout system so nodes can compete for something. This is all different when building a social network, so you can’t just use the same architecture. Building social structures and trust is desirable in a public forum, not something you want to get rid of.

          • LordShrek@lemmy.world
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            This is all different when building a social network

            wait you want censorship in a social network? also, the architecture i’m describing does not do away with moderation and social structure. what about it makes you think that to be the case?

            • shrugal@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              1 year ago

              Of course! Moderation is censorship. There is certain content I don’t want to see, and I don’t want to have to filter it myself so I join a community of seemingly likeminded people who censor content based on rules I generally agree with. They ban users who break the rules, keep spambots out, block malicious instances and so on, and if they are doing their job right then it builds trust and attracts more people.

              what about it makes you think that to be the case?

              Because you want to strip all that out and abstract it away. Who do you think would do the moderating and spam blocking? Who aggregates posts from all over the world and presents a sorted list to a user on their smartphone? It would be the wild west with users having to do everything themselves. I know it’s tempting to think about building a Fediverse without instances, but afaik you need these social structures for the system to work.

              Crypto for example only works because you can define the rules mathematically beforehand, and then hand out money for computers to check them. That’s just not possible with a public forum, at least not yet imo.

              • LordShrek@lemmy.world
                link
                fedilink
                English
                arrow-up
                1
                ·
                1 year ago

                you want to strip all that out

                i do not want to strip out the functionality of communities having mods that moderate the discourse and ban malicious users etc. it sounds like you misunderstood what i was proposing.

                • shrugal@lemmy.world
                  link
                  fedilink
                  English
                  arrow-up
                  2
                  ·
                  1 year ago

                  What I’m saying is that you cannot do those features with what you’re proposing, regardless of what you might want to do.

    • weirdwallace75@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      I don’t want to share an instance with the nutballs on the tankie instance or the nutballs on the fascist instance.

      • LordShrek@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        arrow-down
        1
        ·
        1 year ago

        you already share water with them though. how is this any different? more seriously though, you already share internet infrastructure with them. the packets you just sent to make that comment could have been sandwiched between a “tankie” and a “fascist nutball”. that’s just the way it is man, there have always been crazy humans.

    • nefonous@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      There are a few technical problems with that. First of all, the cost of each instance would become quickly unbearable since everyone has all the duplicated data.

      Second problem, a malign entity could just come, create its own instance, spam everything and everyone with ads or whatever and suddenly every instance is full of that stuff. Also, how do you handle defederating in that case?

      What has been proposed before instead was to make some kind of mega communities that gather all posts from communities with the same name across instances.

    • amenji@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      This was my thought as well. Before learning more about the fediverse, I thought things are distributed and are replicated across servers (much like how distributed storage and computing works). But apparently they’re not. You still have to choose which instance you want to use as your “home”, and your data and your contents stays in your home. Others get to look at your profile and contents thanks to ActivityPub.

      I understand the need for multiple instances (i.e., preferences for moderating content, governance, etc.). But shouldn’t the users and the user-generated content (arguably the fediverse’s most valuable resources) be safeguarded by having redundancies in place across multiple instances?

      Has there been any work or effort on this?

      • LordShrek@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        I thought things are distributed and are replicated across servers (much like how distributed storage and computing works)

        yes, exactly! when you use the internet, you don’t manually choose which ISPs to route through. you can pick which DNS servers to use but you don’t have to. when you use youtube, netflix, or facebook, you don’t choose which CDNs to use.

  • Kaito@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Personally I think more people should be aware of the evil company that is Freenom. (Not saying Meta is not evil.)

    Or at least the people that unwittingly transact with them and give them attention / money.

  • CMahaff@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    FYI I have made a tool that can back up / copy your account settings, subscriptions, and blocks to a new account: https://github.com/CMahaff/lasim

    There are others out there as well if you look.

    Obviously the loss of .ml communities would still be catastrophic to Lemmy, but at least your new account won’t start from ground zero, and you can be less affected by downtime by having 2 accounts with the same subscriptions.

    • Countmacula@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Yeah this sucks for my small but growing community. I’ve created an alternative instance elsewhere (on .world) but hopefully .ml doesn’t go down forever.

    • sebinspace@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      1
      ·
      1 year ago

      Resiliency is the strongpoint.

      If Reddit shuts down, all of Reddit dies.

      Same with Facebook, YouTube, etc. Is that highly unlikely? Well, yeah, but still nonzero. The fediverse offers resiliency in this regard, and no one person has the ability to shut it down. Even if all instances decide to shut down, new instances can still be spun up.

      • Aux@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        If the communities you like to read and post to are down, then Fediverse is effectively down for you. Thus it doesn’t offer any additional resilience, it’s not a P2P system.

    • Thief@lemmy.myserv.one
      link
      fedilink
      English
      arrow-up
      0
      ·
      1 year ago

      It would help if users spread out over all the running servers, because the problem is that just a few lemmy servers have all the users. For example, the instance I run would be a simple proxy to use for all the content, and that would mitigate issues when a big server had problems, since just parts of the fediverse would be affected from the user’s point of view.

      • Cyyy@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        the problem is most users fear that if they choose a small instance, it is more likely to go down at random and their account and everything else is gone. if you choose a bigger instance it feels less likely that the admin of the instance just says fuck it and kills the server at random for whatever reason.

        as long as accounts can’t be easily transferred and are maybe even safe somehow without their instance, people will choose the instance that feels the most secure to them. and when i looked at the available instances… most did not look really secure long term. most looked like they are random ideas of people and could vanish any second into the void. so i, as an example, did choose lemmy.world. it seemed the safest option with the best features (nsfw allowed, a lot of users and a big instance)

        • geolaw@lemmygrad.ml
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          On a small instance, you have greater opportunities to take action to positively support that instance. You can make friends with the administrator, volunteer to become an administrator yourself, donate cash to offset running costs, lodge helpful reports, welcome new users, etc…

        • Thief@lemmy.myserv.one
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          I understand the logic but it’s actually backwards. A small instance like mine is easily paid for totally out of my own pocket and requires no outside funding or maintenance because I can do everything. If too few people donate to major instances then the costs start to run away from the owners. In some ways becoming too large is a problem.

          • Cyyy@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            1 year ago

            i understand that, but think about it - it’s a random instance from a random stranger on the internet. you don’t know that person, and don’t know if he is actually seriously interested in that project of running that instance… or if he will shut it down maybe a few days, weeks or months in the future.

            and you can’t really back up your account and load it somewhere else, so if this happens everything you saved and did is GONE. that’s a huge risk if you value your account and contribution to communities.

            so it doesn’t really matter to me if smaller instances are not expensive etc… that’s not what people fear (there are still ways to spread users along more instances more evenly). it’s the suddenly vanishing without warning that scares people.

            i had this often enough with similar other projects where i created an account on such a small community / instance, was really active… and suddenly it was just gone from one second to the next without warning. everything gone. the admin didn’t tell anyone about it… it was just gone into thin air.

            so it feels safer to go to instances that are more “trustworthy” in the long-term security of a stable operation.

            if lemmy would support export of accounts, maybe once every month or something… that would change things. it would also allow spoofing of stuff, but it would help with vanishing instances and people would feel safer on smaller, more unknown instances.

            • Thief@lemmy.myserv.one
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              “i understand that, but think about it - it’s a random instance from a random stranger on the internet. you don’t know that person, and don’t know if he is actually seriously interested in that project of running that instance… or if he will shut it down maybe a few days, weeks or months in the future.”

              Have to be honest with you, that is how all the instances started, including lemmy.world.

              “so it feels safer to go to instances that are more “trustworthy” in the long-term security of a stable operation.”

              There is no metric by which to know this yet as lemmy is new. It’s not like there are 5 servers that are 10 years old and all the rest are just starting up. Just how it is.

              • Cyyy@lemmy.world
                link
                fedilink
                English
                arrow-up
                0
                ·
                edit-2
                1 year ago

                Have to be honest with you, that is how all the instances started, including lemmy.world.

                but now they have enough reputation & users to make them feel like the safest option

                There is no metric by which to know this yet as lemmy is new. It’s not like there are 5 servers that are 10 years old and all the rest are just starting up. Just how it is.

                compared with random instances with 2-3 users or so, an instance that has been there since the beginning / relatively long compared to others feels safer tho.

                i’m so worried about this topic, that i even think about maybe setting up my own instance just to keep my accounts etc safe & from vanishing.

                • Thief@lemmy.myserv.one
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  1 year ago

                  I feel like you have missed the points in my previous comments, but if you just want to feel safer because in your heart of hearts this instance or that instance just feels safer, then go for it.

                  My advice does not change. Make a backup account on another instance to avoid being burned. If you don’t want to, then it’s now on you.

      • null@slrpnk.net
        link
        fedilink
        English
        arrow-up
        0
        ·
        1 year ago

        I feel like communities are the bigger problem here. And not one that’s easily solved.

        If users from multiple instances come together in communities, those communities are still centralized on a single server. So if something happens to that server, or if your instance defederates with it, the whole community goes with it.

        The alternative would be to have tons of duplicate communities spread over many instances, but that’s a bad user experience.

        • Corkyskog@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          Jesum Crow… Tags aren’t a new concept. Just group communities with a tag… is that incredibly complicated to implement or something?

          • lolcatnip@reddthat.com
            link
            fedilink
            English
            arrow-up
            0
            ·
            1 year ago

            There needs to be a way for a person or group to essentially own a tag to enable moderation. It might be one of those rare problems for which a blockchain is a good solution, because there would need to be a public ledger showing who is a moderator for a tag at any given moment.

            • nintendiator@feddit.cl
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              There is no need to own a tag, nor to tack blockchain into a problem to try and sell a solution. Ever.

      • Buddahriffic@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        edit-2
        1 year ago

        At this stage in the game, I’m not even sure how to evaluate the trustworthiness of instances. Which also applies to the one I’m currently on. I’d like to assume everything is good, but admins do have power that can be abused, like visibility of IP addresses, access to accounts, access to passwords (reusing passwords is bad but especially don’t do it here and certainly don’t use the same password for your email associated with your account).

        Facebook abused those powers (zuck even bragged about being able to see everyone’s passwords, emails, private messages, pictures), so did Reddit (though more with shadow banning or quietly removing/restoring posts).

        Fediverse instances are just run by random people as far as I can tell. I’m sure there are some that should absolutely be avoided and I’m sure that there are some that are perfectly fine. But I don’t have a clue how to determine which list a specific instance is in, otherwise I’d love to join someone’s small instance.

        Edit: oh and that only goes into whether the admin is acting in good faith or intends to be abusive. Then there’s the question of whether the admin is competent enough to run a server without it getting pwnt and giving others access to that same information and capabilities.

        • Thief@lemmy.myserv.one
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          You are correct. A lot of the internet is built on trust. This is no exception. I suggest having an account on more than one instance so that you are not too invested in one place.