• cinaed666@kbin.social
    link
    fedilink
    arrow-up
    164
    arrow-down
    1
    ·
    1 year ago

    The fact that people were registering .ml domains for projects like this is mindboggling. There are many TLDs to pick from without infringing on the terms of use of a country-specific one.

    • RagingNerdoholic@lemmy.ca
      link
      fedilink
      arrow-up
      61
      arrow-down
      3
      ·
      edit-2
      1 year ago

      My thoughts exactly. You should not be choosing TLDs that are volatile to upsets like this. Stick with the tried and true .com or .net, or one of the new TLDs that are not bound to a nation (unless you can comply with the stipulations) or particular type of organization.

      • exu@feditown.com
        link
        fedilink
        arrow-up
        30
        arrow-down
        2
        ·
        1 year ago

        Or if you absolutely have to, choose the TLD of a country you live in.

          • BaconIsAVeg@lemmy.ml
            link
            fedilink
            arrow-up
            9
            ·
            1 year ago

            Back in the day, like early 90’s when they were managed by the university, they also hand reviewed each request. I had a customer with a registered company name something like “Wood Supplies Canada Inc.” and they wanted “woodsuppliescanada.ca”. They rejected it because “…canada.ca” was superfluous …

          • skiguy0123@lemmy.ca
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            If I remember correctly it’s an honor system thing. You need to declare your a citizen or PR or something

            • The Gay Tramp@lemmy.ca
              link
              fedilink
              English
              arrow-up
              4
              ·
              1 year ago

              You don’t even need to be a citizen or PR, you just need to have “a Canadian presence”, which can be as simple as owning a trademark registered in Canada

              • exu@feditown.com
                link
                fedilink
                English
                arrow-up
                2
                ·
                1 year ago

                Other countries have different requirements so it’s good to always check in any case.

        • Knightfall@lemmy.ca
          link
          fedilink
          arrow-up
          16
          ·
          1 year ago

          Agreed. I went with lemmy.ca since I’m Canadian and the instance is in my country.

          I also heard Lemmy should perform a little quicker for me too this way.

      • AnarchoYeasty@beehaw.org
        link
        fedilink
        arrow-up
        25
        ·
        1 year ago

        Even gTLDs aren’t entirely safe. .dev is iffy right now because only Google can give those out and Google domains is going away.

      • azuth@lemmy.world
        link
        fedilink
        arrow-up
        7
        ·
        1 year ago

        .com and .net are under US jurisdiction they are not stateless. I could also see why the original lemmy developers would not want to use such a domain.

        • RagingNerdoholic@lemmy.ca
          link
          fedilink
          arrow-up
          2
          ·
          1 year ago

          That may be technically true, but both TLDs are ubiquitous and it’s extraordinarily unlikely that the US will suddenly start confiscating millions of .com and .net domain names operated by non-Americans.

          • azuth@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            1 year ago

            Nobody said they would confiscate millions of com or net domain names or random non-Americans. We are talking about the lemmy developers specifically.

            But there is no reason to get a US registered domain as a non US citizen who is also not hosted in the USA.

      • ziggurism@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Do people not remember back in the 2010s when bit.ly was the main link shortener used everywhere on the internet, and then Ghadafi, the then dictator of Libya, declared the site to be incompatible with Muslin decency norms because it was used for porn? And then all bit.ly links were just dead links?

        How many times do we have to learn this lesson? Domain name hacks are fun but just not worth it. And in 2023, now we have all the new TLDs. This was a dumb decision

    • ELLIOTTCABLE@beehaw.org
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 year ago

      This is terrible news to me, as an OCaml’eer.

      There goes all my potential cool project domains … 😭

    • ikidd@lemmy.world
      link
      fedilink
      arrow-up
      9
      ·
      1 year ago

      Well, and it’s not like this should take anyone by surprise, it’s been 10 years coming. Unless Mali was telling people not to worry and then did an about face? I haven’t seen anything to indicate that.

    • deadhead@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      ·
      edit-2
      1 year ago

      For anyone that wants to learn more about internet domains, the MKBHD Waveform podcast has an awesome episode about this topic. It’s a super interesting listen where they talk about how the internet works and one of the organizations behind it (ICANN).

      ICANN and the 7 Keys to the Internet

      Apple Music

      Spotify

    • 𝘋𝘪𝘳𝘬@lemmy.ml
      link
      fedilink
      arrow-up
      6
      arrow-down
      1
      ·
      1 year ago

      The fact that people were registering .ml domains for projects like this is mindboggling. There are many TLDs to pick from without infringing on the terms of use of a country-specific one.

      Quoted for emphasis.

        • Terrasque@infosec.pub
          link
          fedilink
          arrow-up
          11
          arrow-down
          3
          ·
          1 year ago

          I’m just pretty staunch about not paying for a domain name, they add no value whatsoever

          Heh, what a tool. Nothing’s stopping him from just using ip addresses, or the reverse that whoever provides the server ip almost guaranteed have set up. But no, he wants a fancy looking one, so it HAS some value or he wouldn’t need one, and a domain require name servers, and people administrating and maintaining it. He just don’t want to pay for that part. And come on, a domain is like 15 dollars a year?

        • ArcaneSlime@lemmy.dbzer0.com
          link
          fedilink
          arrow-up
          3
          arrow-down
          13
          ·
          1 year ago

          Well 2y ago that’s what the marxist-leninists here claimed anyway.

          Btw, that link either leads to the wrong post or jerboa is broken lol, however from the “nope” I can infer that it is meant as a refutation so fuck it.

          • russjr08@outpost.zeuslink.net
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            Here’s a quote from dessalines on said post that explains it:

            Its just a free domain, like .tk or .gq. I’m just pretty staunch about not paying for a domain name, they add no value whatsoever, and buying them feels like acquiescing to the digital enclosure of the commons.

            • ArcaneSlime@lemmy.dbzer0.com
              link
              fedilink
              arrow-up
              3
              arrow-down
              1
              ·
              1 year ago

              So then in a sense it is marxist in nature, as this answer hints to marxist values with “buying them feels like acquiescing to the digital enclosure of the commons.”

              However when this place was all marxist-leninists 2y ago, they made it very clear that it was a ML instance, by ML, for ML, and they claimed that .ml stood for marxist-leninist. As to when they decided that was no longer the case I have no clue, but that was the claim until redditors came and drowned them out a bit.

              • russjr08@outpost.zeuslink.net
                link
                fedilink
                arrow-up
                2
                ·
                1 year ago

                The comment was made 2 years ago - but as to whether it’s attempting to masquerade the real reasoning behind it, I can’t really say since I’m not the devs. I just thought it was worth copying over the comment contents since you mentioned you couldn’t see it, I figured there might be others who couldn’t as well!

                • ArcaneSlime@lemmy.dbzer0.com
                  link
                  fedilink
                  arrow-up
                  2
                  arrow-down
                  1
                  ·
                  edit-2
                  1 year ago

                  I do appreciate it, the link for some reason leads to a completely unrelated post, but it looks like others can see it, so I think it’s a Jerboa issue.

                  True, we aren’t the devs so we can’t know their true intentions or thoughts, but I have my suspicions. If I trusted everyone all the time I’d be helping OJ look for Nicole’s killer rn.

                  (This is what the link loads for me btw)

        • ArcaneSlime@lemmy.dbzer0.com
          link
          fedilink
          arrow-up
          4
          arrow-down
          1
          ·
          1 year ago

          I don’t pretend I can make sense of them, I just know what was claimed when I showed up 2y ago. I think the stalinists are mostly the ones that broke off to form lemmygrad iirc, as lemmy.ml was supposed to be a marxist-leninist deal, and it was one until the reddit exodus.

    • lea@mlem.lea.moe
      link
      fedilink
      arrow-up
      66
      arrow-down
      1
      ·
      1 year ago

      1/12th of their national income is from .tv so they’ll have sunk before that happens…

        • GeneralRetreat@beehaw.org
          link
          fedilink
          arrow-up
          18
          arrow-down
          1
          ·
          edit-2
          1 year ago

          It looks like the TLD was sold off to a private business by the Internet Assigned Numbers Authority in 1997, with those rights subsequently being sold on to other corporations.

          The British government have issued an FOI response advising that they recieve no funds from .io domain registrations. The Chagos Islanders still don’t benefit, but it looks like that’d need to be squared with a hedge fund rather than a government.

          …It is weird that territorial domains can be auctioned off in the first place though.

          • livus@kbin.social
            link
            fedilink
            arrow-up
            5
            ·
            edit-2
            1 year ago

            I’d forgotten that detail. IANA couldn’t have sold it to a British businessman without the permission of the Brits as they ruled over the territory.

            Chagos Islanders want it but I doubt they will ever get it.

      • monobot@lemmy.ml
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        There is nothing for them to take back, they have company that manages .me… so it’s theirs to selm to you.

    • erwan@lemmy.ml
      link
      fedilink
      arrow-up
      24
      arrow-down
      1
      ·
      1 year ago

      I believe they sold the rights to some US company who is now managing the tld.

      They specifically decided to profit off the fact that’s it’s an attractive tld, unlike tld like .ly and .ml where the country never intended for their tld to get a wide use.

  • flux@lemmy.ml
    link
    fedilink
    English
    arrow-up
    52
    ·
    1 year ago

    Is there information about this situation with Mali government about ml domains? I cannot find anything about it.

    Though apparently some ml domain receives a lot of accidental US military emails :).

        • PriorProject@lemmy.world
          link
          fedilink
          arrow-up
          8
          ·
          edit-2
          1 year ago

          I’ve found several articles similar to this, but transfer of management of a TLD from one registrar to another generally shouldn’t result in breakage of registered domains. And nothing in that article (nor any of the others I’ve found) suggest that Mali plans not to honor existing registrations (which all expire eventually anyway, so they have an orderly way to reclaim things by refusing renewal if they wish).

          There’s more going on here that hasn’t been reported (or that I haven’t found) yet.

          • PriorProject@lemmy.world
            link
            fedilink
            arrow-up
            4
            ·
            1 year ago

            Another comment links an older article about freenom (the registrar that is having .ML taken away) losing .ga previously and a plan to delete millions of .ga domains that were being used for abuse. Presumably the .ML situation is another abuse cleanup, though I can’t find confirmation.

            That then leaves the question of whether the Lemmy instance that went down was correctly flagged for abuse (I heard it was focused on piracy?) or whether an appeal could get it back for them.

            https://lemmy.world/comment/1547287

  • Boforn@lemmy.ml
    link
    fedilink
    English
    arrow-up
    40
    arrow-down
    3
    ·
    1 year ago

    Well, this is just weird. When I was migrating from Reddit to this fediverse world I chose .ml and thought it was short for “machine learning” which seemed as a cool domain for me at the time.

    • humanreader@infosec.pub
      link
      fedilink
      English
      arrow-up
      45
      arrow-down
      2
      ·
      1 year ago

      FYI, two letter TLDs are country/region/jurisdiction specific. There’s an ISO standard for that.

      • .tv Tuvalu
      • .me Montenegro
      • .fm (Federation of) Micronesia

      Some countries append additional modifiers to classify their uses:

      • .uk United Kingdom
      • .co.uk Company

      Three or more are generic (traditional or new)

      • .com, .net, .org, …

      In some cases, Uncle Sam said “first!” and it stuck.

      • .edu Education (MURICA)
      • .mil Military (MURRICA)
      • .gov Government (MURRRICA)

      Just like what happens with Mali, what some silicon valley hipsters decide as a ‘fun’ acronym is just that, a fun thought. If the corresponding government decides to take away a specific domain, they probably can.

      • CylonBunny@lemmy.world
        link
        fedilink
        English
        arrow-up
        25
        ·
        1 year ago

        .mil Military (MURRICA)

        That is what made this whole .ml problem. Some people have apparently accidentally leaked American state secrets to Mali by typo.

        • FlexibleToast@lemmy.world
          link
          fedilink
          English
          arrow-up
          17
          arrow-down
          1
          ·
          edit-2
          1 year ago

          That’s a poor excuse. If something is secret or higher it has a different TLD. The SIPRnet uses .smil for example. There are also tools at the boundaries that don’t allow going from SIPR to NIPR unless they meet specific criteria. Basically you can only leak those secrets accidentally if they were already on a system they shouldn’t have been on.

          • AlexWIWA@lemmy.ml
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            Additionally, competent IT would make this fuck up impossible. I’m shocked that they didn’t whitelist TLDs and block all others.

      • teolan@lemmy.world
        link
        fedilink
        English
        arrow-up
        17
        ·
        1 year ago
        • .edu Education (MURICA)

        .edu is not only american. For example I know many schools in France have .edu domains and emails, and I believe it’s the case in many more countries.

      • Boforn@lemmy.ml
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        1 year ago

        Thanks for the clarification. If this instance goes down please someone start an ‘‘lemmy.ai’’ instance. I want to follow the same logic that I went with since the beginning.

    • livus@kbin.social
      link
      fedilink
      arrow-up
      38
      arrow-down
      6
      ·
      edit-2
      1 year ago

      No, it’s Mali.

      The rumour is that lemmy devs chose it to mean “marxist leninist” but I think it’s more likely they wanted a free domain name.

      • ghost_laptop@lemmy.ml
        link
        fedilink
        arrow-up
        38
        arrow-down
        1
        ·
        1 year ago

        The rumor is fake, the devs have said it multiple times. If they would have wanted to do some funny Marxism meme they would have used .su

        • bdonvr@thelemmy.club
          link
          fedilink
          arrow-up
          9
          arrow-down
          2
          ·
          1 year ago

          Maybe they didn’t choose it for that, but to be fair they are definitely and admittedly Marxist-Leninists

          • ghost_laptop@lemmy.ml
            link
            fedilink
            arrow-up
            23
            arrow-down
            1
            ·
            1 year ago

            Yes, as there are plenty of other developers who are openly liberals or some other flavour of capitalism. You don’t need to agree with the developers political choices all the time to use their software.

          • Pili@lemmy.ml
            link
            fedilink
            arrow-up
            3
            arrow-down
            5
            ·
            1 year ago

            Yeah they are, so if they did choose .ml for that reason they would have no problem admitting it also. So it’s pretty clear that they just wanted a free domain.

    • Zyratoxx@kbin.social
      link
      fedilink
      arrow-up
      4
      arrow-down
      18
      ·
      edit-2
      1 year ago

      I mean, I knew it was a country top level domain but I was told Dessalines intended the “ml” as an abbreviation for “marxist-leninist”

        • Zyratoxx@kbin.social
          link
          fedilink
          arrow-up
          6
          arrow-down
          5
          ·
          edit-2
          1 year ago

          Some Lemmygrad dude bragged about that… Should have known it was wrong.

          Anyways, thx for the clarification

  • deafboy@lemmy.world
    link
    fedilink
    English
    arrow-up
    29
    ·
    1 year ago
    $ whois lemmy.ml
    WHOIS lookup for LEMMY.ML can temporarily not be answered. Please try again.
    ERROR: domain not found:
    $
    

    But it’s still in my DNS cache

  • kratoz29@lemmy.world
    link
    fedilink
    English
    arrow-up
    18
    ·
    1 year ago

    Thanks for the image, I didn’t know FMHY had an official response, good to know they had backups…unlike me who lives in eternal danger.

    • xantoxis@lemmy.one
      link
      fedilink
      English
      arrow-up
      13
      ·
      edit-2
      1 year ago

      I’m confused why backups would even matter. Are the servers physically hosted in Mali and the government seized them?

      Because if the government just invalidated the domain, that’s completely different. In that case a server device with everything on it still exists in the same place it always did, it’s just DNS that has changed.

      (And yes, I understand that losing the domain name and the certs attached to it would be a big deal, but there’s no data loss, hence no need to pull from backups.)

      • Gnubyte@lemdit.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        1 year ago

        And maybe some configs. Letsencrypt is great but SSL is still kinda a hastle

        Edit: oh and if Lemmy has any sort of like unique IDs for usernames at a given domain. Could be something on the backend that keeps a unique I’d for each user encountered in the event a user migrates between servers. Mastodon notifies me if someone migrates.

      • kratoz29@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Well, to begin with we didn’t even know what the heck happened, so being aware that our data is safe is one big relief.

        I don’t remember the name of another growing instance that just disappeared (different issue I guess) I don’t recall that their users ever got their data back again.

  • RoundSparrow@lemmy.ml
    link
    fedilink
    English
    arrow-up
    19
    arrow-down
    1
    ·
    1 year ago

    On the technical topic of renaming a domain of a Lemmy server… I think it is worth experimenting with the code. At minimum, I think it should be an option to try and keep the same login/passwords for users from the old install of Lemmy. But even that could prove tricky if a particular domain changed underllying ownership more than once - and user@domain became rewritten by an entirely different person. I guess in the real-world people do often get mail for previous residence of a house.

    My biggest concern is legality because Lemmy claims to support privacy. I honestly think it’s a bad idea to claim privacy because you run into so many problems. If the user never knows that their lemmy instance changed names and can’t find it again, etc. Especially on technical topics, 15+ years of having Reddit keep messages from deleted user accounts offered a lot of great search engine hits. With Lemmy, a person moving to a different instance and deleting their account, so much content is going to get black-hole in favor of 50 instances having copies of a meme post or trivial website link - and solid original content (often in comment discussions) gets removed.

    • chaorace@lemmy.sdf.org
      link
      fedilink
      English
      arrow-up
      12
      arrow-down
      2
      ·
      edit-2
      1 year ago

      On the technical topic of renaming a domain of a Lemmy server… I think it is worth experimenting with the code.

      This is unfortunately only possible if you still own the original domain. Think about it this way: if you could migrate domains without proving you own the original, then what’s stopping a bad actor from migrating any domain they want? Keep in mind that Federated servers rely on DNS to verify who’s who – they don’t have a backup system for deciding trustworthiness.

      Yes, there’s no technical reason Lemmy has to rely on DNS to establish trust (aside from the fact that changing this would require a massive rearchitecting effort), but why shouldn’t it? It’s possible to switch to a different trust system (i.e.: public/private keypairs), but that doesn’t actually change the nature of the problem – people can still lose control of the private key and blow the whole system up (and, arguably, this is a lot more likely to happen than permanently losing a domain).

      At minimum, I think it should be an option to try and keep the same login/passwords for users from the old install of Lemmy.

      So, login credentials aren’t actually tied to the domain name at all. A user like example@lemmy.ml is simply known as example to the server internally. The server doesn’t particularly care if it lives at lemmy.ml or microsoft.com – if user example shows up and gives the right password, they’re allowed to log in. What I’m trying to say is that – assuming that the user database isn’t destroyed – login info would probably carry over without any special effort needing to be taken at all.

      But even that could prove tricky if a particular domain changed underllying ownership more than once - and user@domain became rewritten by an entirely different person. I guess in the real-world people do often get mail for previous residence of a house.

      The identity problem you allude to is not exclusive to this scenario. Let’s use lemmy.ml as an example: where did the domain come from? The Mali government. Does this mean that the Mali government owned lemmy.ml before it became associated with the Lemmy project? At the risk of oversimplying: yes, pretty much! Prior to 2019, the government of Mali could have created “fraudulent” Fediverse posts under your username, /u/[email protected].

      With that being said, it’s kind of a silly concern. Despite being partially distributed, Lemmy is not a read-only database (i.e.: not a blockchain). There’s nothing stopping the current domain owner from more-or-less completely undoing vandalism from a prior domain owner by simply asking the other federated servers to delete that fraudulent content. Keep in mind that the domain is not the server; the original operator keeps all of the original data even if they lose the ability to host that data under the original domain.

      My biggest concern is legality because Lemmy claims to support privacy. I honestly think it’s a bad idea to claim privacy because you run into so many problems. If the user never knows that their lemmy instance changed names and can’t find it again, etc.

      This is not a problem unique to Lemmy. If Google forgets to pay for gmail.com, then suddenly a lot of email addresses become untrustworthy. This isn’t a privacy issue because your old emails don’t leave Google’s servers. It is a trust issue, however, since the new owners can now impersonate any gmail.com address and receive any new email that was intended for the original owner.

      Not to downplay how catastrophic this scenario would be… but I don’t think there’s any law on the books which would legally obligate Google to operate gmail.com until the end of time. Nothing lasts forever and eventually gmail.com won’t be controlled by Alphabet Inc. anymore – that’s just how time works. Those bothered by this uncertainty can instead choose to host their own mail server (or Lemmy instance) on their own domain – this won’t last forever, either… but at least you’re in control now.

      Especially on technical topics, 15+ years of having Reddit keep messages from deleted user accounts offered a lot of great search engine hits. With Lemmy, a person moving to a different instance and deleting their account, so much content is going to get black-hole in favor of 50 instances having copies of a meme post or trivial website link - and solid original content (often in comment discussions) gets removed.

      Just FYI: Much like Reddit, comments continue to exist even when the author deletes their account. The user must explicitly delete each individual comment before deleting their account if they want it all taken down. EDIT: This is not actually currently the case, though as far as I can tell the stated intent is to prefer anonymizing comments over deleting them when deleting an account (source). I don’t really get this complaint in the first place, actually… surely both kinds of content would get lost when a user deletes all of their data, right? There’s no button that says “delete all of my stuff, except for the shitposts”.

      • bane_killgrind@lemmy.ml
        link
        fedilink
        English
        arrow-up
        5
        ·
        1 year ago

        Your Gmail example is very funny because if anyone actually tried to do it, they would effectively DDoS themselves.

        Governments could do it effectively.

      • RoundSparrow@lemmy.ml
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        1 year ago

        This is unfortunately only possible if you still own the original domain. Think about it this way: if you could migrate domains without proving you own the original, then what’s stopping a bad actor from migrating any domain they want?

        I’m suggesting a whitelist, that each peer has to put in a substitute list of vlemmy.ml==vlemmy.ml to re-federate.

        Much like Reddit, comments continue to exist even when the author deletes their account.

        That is NOT how the testing code of lemmy_server tests things, nor how the GitHub front page advertises Lemmy.

  • dingdongitsabear@lemmy.ml
    link
    fedilink
    English
    arrow-up
    21
    arrow-down
    6
    ·
    1 year ago

    *affect.

    thanks for the humorous takes, but what’s the verdict…? and what’s the next step, download posts and settings and move elsewhere?