Another win for the decentralized Fediverse when a government domain takeback can’t shut it down!
Mali has decided to take back .ml from people who took advantage of the free domain like fmhy.ml & maybe lemmy.ml - https://lemmy.world/post/1915581
And while it sucks for those servers & those users may have to migrate, the #Fediverse and it’s plethora of platforms continues on. 💪 💜
@fediverse #lemmy #mastodon #calckey #mali #decentralization
I might be unaware of some technical issues here but why not just get another domain, point it at the server, then update the database to change all references to lemmy.ml to thenewdomain.tld and then make an announcement on a couple of the bigger instances? Federation will take care of propagating the news far and wide. Then, as users hear the news they can just login using the same details and those of us subscribed to Communities on .ml can just update our subscriptions.
I mean, it’s not a perfect solution but it’ll work, surely?
ActivityPub uses URLs as IDs for everything. And there’s no way to update those IDs, it’s possible to update inbox URLs and other things but the main address of the object itself is its URL and thus there’s no way to propagate it without essentially making a new one.
It’s not impossible to do, but managing to get that to federate to all instances in a sane way is not currently possible.
There’s a ridiculous amount of URLs in the database and even fixing all of those won’t fully do the job, as post content might still refer to the old URL and whatnot.
It’s a messy situation, you’re not supposed to lose your domain.
Who was the idiot that decided to use for a database ID an identifier that almost entirely depends on external (and, for fediverse purposes, usually antagonistic) entities?
The W3C, apparently. It’s both the ID and the URL of the object if you want to refresh it. They seem to suggest doing it that way because the URL of a user profile is going to be guaranteed to be unique, and can only be owned by the owner of the domain.
Lemmy assigns it its own internal ID per instance but it’s only used internally for joins and stuff.
For example, your person ID is https://feddit.cl/u/nintendiator. If you curl it in ActivityPub format you’ll get your user:
~ % curl -H "Accept: application/activity+json" https://feddit.cl/u/nintendiator { "@context": [.....] "type": "Person", "id": "https://feddit.cl/u/nintendiator", "preferredUsername": "nintendiator", "inbox": "https://feddit.cl/u/nintendiator/inbox", "outbox": "https://feddit.cl/u/nintendiator/outbox", ...... }
Immediate design issue right there: the URL of a user profile is not guaranteed to be unique, and while it can “”“only”“” be owned by the owner of the domain, 1.- it’s not owned by the user of the profile and 2.- the ownership by the domain owner is revocable by a third party.
Design-wise, it feels to me like they decided that land / house deeds could be certified by municipal traffic signage.
The W3C, also known as the people who develop the web standards. It’s a reasonable expectation as you have to draw a line in the sand somewhere. Distributed identity is not a solved problem, so domains are the best solution we have right now.
What would you suggest they use as the identifier with which allows other entities uniquely identity you? There are no alternatives until you introduce a ton of cryptography, which is what DID hopes to address, but that’s still going to be bad UX.
Figures. The same people who added DRM to the web standards.
Now, I don’t know what other alternatives could have been used, but I know that URL was among the obvious ones to not use. Something that uniquely identifies you has to be non-transitive and non-revocable by a third party, of which URLs are neither (domain names are revocable, URLs don’t have addressing persistence let alone when you add query strings into the mix, etc). Among the few things that I can think are non-transitive and non-thirdparty-revocable are the good ol’ ssh-keygen keys, easy to generate and all that but I’ve never found a good mechanism or design to query about them.
That seems like an ActivityPub problem, not a problem with the admin who lost the domain. Perhaps somebody should fix dumbass design flaws to the protocol.
Federations won’t survive with obvious flaws like that. It needs resilienacy.
You’ll have to go complain directly to the W3C for that. The situation is Lemmy may fix it with some custom protocol extensions, but then it’ll still break every other piece of software that follows the spec like Mastodon, Kbin and others.
It’s like adding a 6xx status to HTTP. You technically can, but expect every standard compliant clients to be confused and bail on it.
You can’t just change domains with emails either and have everything seemlessly migrate over. Not losing a domain is not a completely unreasonable assumption to make.
Thankfully the users and communities aren’t lost, it’s just that people outside of fmhy will have to resubscribe to the communities on the new domain.
A lot of armchair developers in here who think there is an easy solution to distributed identity
There’s definitely better ways to handle this, like, the ID could be a public key or something. Chances of RSA/EC key conflicts is basically nonexistent or we wouldn’t use them.
But it’s the W3C, of course they assume URLs can and will be permanent. Your domain being seized is not something typical companies and organizations face. It’s something you expect to happen to a site hosting piracy and other illegal content, which FMHY is somewhat borderline with its piracy guides.
ActivityPub is not designed to be any sort of censorship resistant for sites that move addresses and servers frequently.
The problem is with the federation. Other instances will try to federate with the old domain and won’t recognize the new domain. Simply changing your domain will not update federation in other instances. AFAIK work is still underway to allow migrating to a new domain and allow other instance to recognize the domain change.
Time to create BGPML… a federation protocol router for .ml like situations. ;)
It’s my understanding that this isn’t possible. Migrating domains in Lemmy is not supported though it is possible with some very hacky solutions like you’re describing. But the old domain needs to be retained indefinitely as a pointer to the new domain or it will break federation with other instances. If they lose control of the domain or can’t keep it basically forever then federation will break. They can potentially migrate users and posts, but it is effectively like resetting and starting over as a new instance.
Right, but if Mali do reclaim all the .ml domains out there then there’s little option? Yes, federation will break for .ml and yes it’ll be like starting over on a fresh instance but only in terms of federation - all the users, communities, posts and comments will still exist, just under a new domain. Once the new domain starts federating people will catch on, especially if the news is posted on the larger instances.
Don’t get me wrong, I’m not saying its not a problem, I’m just not sure its a total disaster either.
Yes. It doesn’t outright kill an instance, but it’s definitely a major inconvenience and a learning opportunity.