this post was submitted on 21 Jul 2023
492 points (98.6% liked)

Fediverse

28514 readers
414 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 2 years ago
MODERATORS
 

An update:

  • fmhy.ml is gone, due to the ongoing fiasco with mali government taking all their .ml domains back
  • As such, lemmy.fmhy.ml is also gone, we are currently exploring ways to refederate (or somehow restart federation entirely) without breaking anything substantial
  • We have backups, so don't worry about data loss (you can view them on other instances anyway)

Currently, we have fmhy.net and are exploring options to somehow migrate, thank you for your patience.

you are viewing a single comment's thread
view the rest of the comments
[–] shrugal@lemmy.world 30 points 1 year ago* (last edited 1 year ago) (1 children)

Not really. Most centralized services are accessible via multiple domains, e.g. for different countries. This would just disable one of them, but users could still use another to log into their accounts. For the Fediverse it "disables" an entire instance, cuts it off from federation and locks out users.

Lets not put a positive spin on a situation that exposes a weakness of the current system. The federation protocol needs to be able to handle these things gracefully, like propagating domain changes and migrating accounts between instances!

[–] Toribor@corndog.uk 7 points 1 year ago (2 children)

I'm now wondering what happens if the Mali government (or someone else) begins using those domains with their own lemmy instance, potentially with malicious content.

Would the instances they've federated with begin ingesting and serving that content automatically? Or would that be blocked due to key mismatch?

[–] Amir@lemmy.ml 6 points 1 year ago

I think they need the private key for the https certificate to do that

[–] shrugal@lemmy.world 5 points 1 year ago

Afaik it is all connected to the domain name, so they could definitely start to impersonate any .ml instance. Other instances could detect that the signing key for federation messages changed, but that's about it. Their admins would probably have to block/defederate them manually.