this post was submitted on 21 Jul 2023
512 points (98.7% liked)

Fediverse

28411 readers
929 users here now

A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).

If you wanted to get help with moderating your own community then head over to [email protected]!

Rules

Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy

founded 1 year ago
MODERATORS
 

An update:

  • fmhy.ml is gone, due to the ongoing fiasco with mali government taking all their .ml domains back
  • As such, lemmy.fmhy.ml is also gone, we are currently exploring ways to refederate (or somehow restart federation entirely) without breaking anything substantial
  • We have backups, so don't worry about data loss (you can view them on other instances anyway)

Currently, we have fmhy.net and are exploring options to somehow migrate, thank you for your patience.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 32 points 1 year ago (3 children)

glad to see them not go down the vlemmy path

[–] [email protected] 20 points 1 year ago (1 children)
[–] Geth 27 points 1 year ago* (last edited 1 year ago) (1 children)

Nobody really knows for sure. It just sort of disappeared one day with no warning.

[–] [email protected] 6 points 1 year ago

Is this going to be an unsolved mystery of the Internet? A spooky Fediverse legend?

[–] [email protected] 18 points 1 year ago

Yes, that's reassuring. Also, nice to see their main website, I never actually noticed it existed

[–] [email protected] 8 points 1 year ago (2 children)

Damn, lemmy.zip, eh? If that instance is public, I don't see that being a good thing.

Tons of businesses, people, etc, are all banning .zip and .mov TLDs for security purposes. I've personally banned all those domains from my network as well.

Bold move.

[–] [email protected] 2 points 1 year ago (2 children)

What's the issue with those TLDs?

[–] [email protected] 17 points 1 year ago (3 children)

See https://youtu.be/GCVJsz7EODA and https://youtu.be/V82lHNsSPww

There are a few problems, but I believe the biggest issue is that .zip and .mov are valid and common file extensions, and it's common for people to write something like 'example dot zip' or 'attachment dot mov' in emails, tweets, etc. Things like email clients have features where they automatically convert text that looks like a web address into clickable links. So now, retroactively, all those emails etc suddenly have a link, where they used to just have text, and the domains that are equivalent to those previously benign file names are being purchased by nefarious actors to exploit people unaware of the issue.

[–] [email protected] 7 points 1 year ago

Here is an alternative Piped link(s): https://piped.video/GCVJsz7EODA

https://piped.video/V82lHNsSPww

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source, check me out at GitHub.

[–] [email protected] 2 points 1 year ago

Yeah, you have a point. I may go block those TLDs tonight.

[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (1 children)

But there's only an issue if the software you're using auto linkifies the domain. They often don't and won't. This seems like a hypothetical problem that probably doesn't exist for most major software. I certainly know no email software is gonna auto linkify this.

If you're curious, you can see if whatever software you're viewing this post in auto linkifies (neither are for me): hshshssu.zip iwuf8aowk.mov

(And if we're manually linkifying, then you don't need to use the new TLD. Eg, not-a-virus.zip.)

[–] [email protected] 3 points 1 year ago

At 1:30 in that second video, he shows that YouTube already converts dot zip domains, even in old comments that predate the domain's existence. At 3:19, he shows/mentions Twitter, Reddit, Facebook, and LinkedIn. I would consider those major platforms. And keep in mind, it only takes one person downloading one file to cause major damage - the LMG hack was due to someone downloading and trying to open a fake PDF that was sent via email: https://youtu.be/yGXaAWbzl5A.

So yes, not everything does or will auto convert the links, but I think you are underestimating the potential for issues here.

[–] [email protected] 4 points 1 year ago

https://www.trendmicro.com/en_us/research/23/e/future-exploitation-vector-file-extensions-as-top-level-domains.html

Actually really huge security threats. It's a very good idea to block them. I especially did because my girlfriend works for the government and does some secret stuff that can't really get out, and she deals with a ton of real .zip files. I think everyone regardless of who they are should make sure to block them.

[–] [email protected] 1 points 1 year ago (1 children)

i don't doubt there have been a lot of cases of those tlds used for scams but i haven't been negatively effected by this instances domain name.

feel free to read the discussion about it here though

[–] [email protected] 2 points 1 year ago

I can't open that link because I block .zip domains lol