Using ccTLDs when you have no relationship with the country is just asking for trouble. Comes across as naive and unprofessional, although I've seen many serious infrastructure built upon .co and .io names.
The misuse (off-label use perhaps, to use a term from medicine) of ccTLDs in the tech industry is a widespread practice and I doubt anyone's going to change anytime soon.
I've heard enough horror stories lately (including[1]) that I'm considering moving a container registry off of a cctld. Container registries for whatever reason use .io by convention (docker.io, gcr.io, ghcr.io) so our public-facing registry does too, but I've been thinking that it's not worth the risk. .io is probably safer than most just because of how load-bearing it's become, though.
The Wikipedia entry on the .io TLD is interesting [1].
The .io TLD is assigned to the British Indian Ocean Territories, and there's currently an ongoing international legal dispute over whether the territories even exist, or they just belong to Mauritius. If the U.N. "wins" the .io domain would be slated for removal (technically).
There's precedent. The .su (Soviet Union) ccTLD is still around. It takes registrations at the second level and is open to registrations from anyone regardless of nationality.
.su still alive. Given it's controlled by Russia and widely used for scams I wouldn't recommend going to any site registered in that domain necessarily, but it has not been removed and likely won't be anytime soon.
You’re hoping .io is safer than most. It’s not exactly operated by a big or stable country. Ownership could change and the new owners could be arbitrarily capricious.
Yep, that's a fair point. I do think that the more popular ccTLDs are probably slightly safer than less popular ones all else being equal because there is more riding on not “killing the golden goose”, but stability of the country (or territory) is also a factor.
> The same applies to .UK, should Scottish independence succeed
Northern Ireland exists and is still unfortunately a part of the UK. The UK would still be the United Kingdom of X and Northern Ireland even if Scotland leaves.
I don't understand how it's naive and unprofessional?
twitch.tv, goo.gl, youtu.be, etc. is the tip of the iceberg. Twitch and Google probably are unlikely to have bases in Tuvalu and Greenland respectively.
While I would certainly love to see google try to buy off Belgium for the entertainement value of the following ECJ case, I think you're exaggerating a bit too much
Google already lost the right to use goo.gl for their link shortening service. I'm not sure who would be a part of a potential coup, but it seems unlikely since Greenland has no military of their own, the military being provided by Denmark(a NATO member) who has already in the past allowed the US to station nuclear weapons on Greenland, despite being a party to the NPT.
They didn't lose the rights. They still own goo.gl; go to the address and you'll get Google. They just weren't interested in running a link shortener anymore.
Yea, they probably realized there was no analytics advantage when anyone who would use that shortener would also likely have google analytics on thier site...
I'm so glad that as an individual I didn't use a number that was important when registering .us. To everyone else, take this as a warning!
Given that .us doesn't allow privacy, there's apparently a huge market for web designers and the like to watch registrations and use this as a 'lead generator'.
I have never received as much spam as I did after registering two .us domains. Thankfully, I used a number I can safely ignore
The rule could probably be generalized to not building a business on a ccTLD, but there are instances where being unconnected to the country could directly be a problem. For example, .so (Somalia) domains have become popular as a generic ccTLD (because "so" is a generic English word, I guess?) used by companies like Notion, but technically it is against their terms to own one if you don't have a bona fine connection to Somalia.
Says a lot when you had to make a choice between a beautiful domain name, or having to trust the government of Montenegro for all your lifetime for a super sensitive e-mail service.
At least Montenegro is managing their own ccTLD, not like some mysterious islands (.io, .pw, etc).
But Montenegro has had hundreds of years of sovereign instability, i.e. it has been swallowed several times by other entities. I guess it was on .yu until the 21st century. It's probably stable for now, but nothing to say it won't get swallowed again and lose its TLD.
I actually didn't know that .me was a cctld so now I have surname.me and am kinda worried. I also own surname.dev but I'm not sure if my wife would like to change email addresses...
i wonder how small the number of people that actually understand what ccTLD means in the first place, let alone how geopolitical turmoil could negatively impact their cute little domain name.
Most recent example I think was .eu and UK leaving European Union... And that was orderly process. ccTLDs are entirely fine if you live or your business operates in the country in question. Outside that it is entirely up to them to do what they want.
Every country that the Internet Assigned Numbers Authority (IANA) recognizes gets a two letter country-code top level domain (ccTLD). These are all two letter domains, as country codes are two letters. Some of these are kind of boring (.us or .ru or .pl) but some of these can be interesting (.tv for the nation of Tuvalu, .io for the British Indian Ocean Territories, .in for India). Sometimes countries will lease the management rights for a ccTLD to a private company to manage for a while, as most governments are either incompetent at managing these things or have more important things to care about.
Theoretically each country can change the rules of their country code at any time. These rules can be rather arbitrary and can technically happen whenever. As an example of a rule, the .us domain is only available to US entities.
Also, if the country ceases to be, there's a chance the ccTLD will go away, because that country doesn't exist. Hence the fear with .io, as the Indian Ocean Territories as a political unit may not last very long or .tv as the islands wash away and disappear with rising sea levels.
As others have mentioned, IANA isn't always fast at removing old ccTLDs. The .su domain for the Soviet Union still exists.
Also, the organizations that run the nameservers are not necessarily as competent as the ones running .com. I had an 8 hour outage when the entire .st domain went offline.
I think this remains the biggest long-term risk with using bit.ly links. I have seen so much hard copy media with bit.ly links, especially technical books, that I shudder to think of how many dead links there will be if Lybia takes it offline.
The biggest long term risk with bit.ly links is that you have no clue what website you’re visiting when you click on one, period. You’re either taking the time to put it through a link unshortener, or you just blindly click a link some person you don’t know posted on their totally legit web blog.
Thanks. Bit.ly remained - but that article does indeed show at least one .ly domain (vb.ly) being cancelled.
From the article:
That follows the abrupt enforced shutdown of vb.ly, a "link shortening" site run by Ben Metcalfe and Violet Blue, after it was declared that the content of the site was "against Sharia law".
An image of Violet with bare arms, drinking from a bottle of lager, was emblazoned across the front page of the site when the government-owned Libya Telecom & Technology got in touch earlier this month. "Pornography and adult material aren't allowed under Libyan law, therefore we removed the domain," the letter said, adding: "The issue of offensive imagery is quite subjective, as what I may deem as offensive you might not, but I think you'll agree that a picture of a scantily clad lady with some bottle in her hand isn't exactly what most would consider decent or family friendly at the least."
To repeat a past comment with a little bit of "I Told You So" cynical feeling:
> I think the barrier [to joining] would be lower if I knew I could migrate my identity to another instance if the first one became sketchy or shut down or de-federated.
> Instead AFAICT I have to choose not just what community to join and where the content will initially live, but also which of these random groups to trust with my identity indefinitely going forward.
AFAIK the only option is to run your own instance, which is a rather high bar.
In contrast, imagine a system where you could use a private key to sign things, thus proving "author Bob on Instance X is the same as the prior author Bob on now-defunct Instance Y". You'd still be sunk if you lose the key (or it gets leaked) but at least your identity as an author wouldn't be at the mercy of the Mali government.
> imagine a system where you could use a private key to sign things
This is how things work now, the issue is that most (if not all) of existing AP software the server is generating and abstracting the keys away from the users. But (in theory) there is nothing stopping a system where the server (e.g, mastodon.example.com) works for clients (actor in AP vocabulary) with a different domain, and requesting the actor to sign the messages before accepting in the inbox.
You can follow a community from any software that speaks ActivityPub. So you can be on Mastodon and post/comment to any Lemmy community.
Alternatively, if you want to use lemmy's interface, you can create your own instance and use it only to subscribe to remote communities. This way, your identity is one place but the commuities is in another.
The unfortunate problem being that anything beyond downloading a program and making an identity is too high of a bar for the average person on the Internet. So as long as this friction of choice exists within AP software, mass adoption is impossible and authoritarian social media like Meta and Reddit will continue to thrive.
> > I think the barrier [to joining] would be lower if I knew I could migrate my identity to another instance if the first one became sketchy or shut down or de-federated.
This is pretty much standard for all fediverse apps...
> > Instead AFAICT I have to choose not just what community to join and where the content will initially live, but also which of these random groups to trust with my identity indefinitely going forward.
I always found it hilarious when .ly was a trendy domain and people were literally building businesses on it. Like, you’re going to put your fate in the hands of Muammar Gaddafi?
Hasn't he been dead since 2011? So, whose hands are they actually putting that fate in is what you should be concerned since your boogeyman is no more dangerous than the Freddy Krueger.
According to wikipedia, bitly started in 2008 and was in fact twitter's default url shortener in 2009, at which point Gaddafi was very much still in charge.
Until this thread, I didn't even realize that .me and .io were ccTLDs. (I should have realized with .me, because I've seen it long enough, but I didn't start noticing .io until after the TLD explosion).
I wouldn't be surprised if many were in the same boat. Registrars should probably warn if buying a ccTLD.
I understand the warning in general. But isn't .io, specifically, connected with the British government? And isn't the British government fairly stable/pro-business?
For now! But you probably read about the territorial dispute at the end of the article. Totally possible that the British government won't be controlling that domain at some point in the next 10-20 years.
It's really quite unlikely that the management of the .io domain will change. There are currently negotiations about the Chagos Archipelago. They involve mostly the right to return (for the Chagossians) and the rent on the military base (for Mauritius). There have been calls for the Chagossians to receive whatever portion of the domain fees go to the UK government (how much that is isn't really known), but nobody has called for the .io domain to stop existing or be changed in management.
The resulting arrangement would virtually certainly be something like Tuvalu and .tv. Nobody is suggesting that they go into a Freenom-style domain mess like .ml and a few other domains (which some countries decided to just give away for free).
But if you choose .io, you're gambling on the future of your internet property in a way that the owners of traditional domains like .com simply don't have to worry about.
What if someone decides to start a media campaign for divestiture of .io domains? It's not particularly likely, but it's a risk to weigh against the benefits of a cool domain.
I assumed .io was still under the UK government, which is pretty stable as far as central governments go, but it's hard to actually tell whether it's them or some sort of venture capital thing from wikipedia.
I think the premise is something like "you wouldn't incorporate your startup in a West African dictatorship, why would you let the same country govern your domain name?"
Because TLD is the property of a sovereign. A sovereign that does not report to the US Government. For US business to use their property as their face to the world (such as pm.me) they need to understand and accept that they're putting their business fate in the hands of a sovereign. Things like OP (X Government takes back .xy TLD) happen, people need to pay attention to power, and geopolitics.
That may be a good reason for a company to avoid certain TLDs but it certainly doesn’t make it right for a government to just cancel a legitimate business.
So if Mali confiscates a TLD “rightly so” seems like an unreasonable response. “This is a warning to all of us” makes sense however.
Do you understand that there is no such thing as "illegal" in international "law"? Sovereigns can literally do anything, and everything, and absolutely everything they want. So it is "right", maybe not ethically, but certainly legally. "The Government of Mali" does not report to anyone [1], so there is no institution to rule this as wrong, or a human process that can overrule the decision.
Other sovereigns -- hopefully one of them counts you as a citizen and involves you in its processes through democracy -- can simply boycott, or embargo them, or dissuade them through diplomacy, or armed forces. Unless you understand this, you don't have a good model of what "the Government of Mali" means, and thus it doesn't make sense to make business with "the Government of Mali".
[1] Well, except maybe to the people of Mali, or the constitution of Mali, but that's an internal "implementation detail" that's abstracted away from you, unless you're a citizen of Mali.
Strictly speaking you are right, but people commonly use "illegal" as "in violation of international treaties". Since there's no super-national sovereign to enforce those, it's not the same sort of illegal as we usually mean, but it is functionally close.
That said, from what I understand, ccTLDs are owned by countries they are allocated to (maybe with some corner cases, but irrelevant here), so Mali is certainly not doing anything wrong even in the above "legal" sense by asserting their ownership.
So one owned by a company is better? No. This is why .eth domains are great. Ethereum solving yet another problem that HN complains about on the daily, but will still claim it has no usecase.
Even if it is in the country's hands, it can be taken from a legitimate owner or be abused. That's what parent is talking about. ENS are fully permissionless, no one can take it from you.
If by nobody you mean "no one outside of the mainstream", sure. But I don't need a lot of work to have my .eth domain resolving to an IPFS file, and there are browser extensions that will let you query ethereum blockchain and use it to resolve IP addresses based on ENS.
No, it isn't. I'd never seen a .eth link anywhere on the normal web, yet I've seen plenty of Gemini:// urls, just to throw in something niche for comparison.
More worryingly, typos to US military addresses from external address will now be routed to Mali. From Matt Levine this week:
>Millions of US military emails have been misdirected to Mali through a “typo leak” that has exposed highly sensitive information, including diplomatic documents, tax returns, passwords and the travel details of top officers.
>Despite repeated warnings over a decade, a steady flow of email traffic continues to the .ML domain, the country identifier for Mali, as a result of people mistyping .MIL, the suffix to all US military email addresses.
>The problem was first identified almost a decade ago by Johannes Zuurbier, a Dutch internet entrepreneur who has a contract to manage Mali’s country domain.
>Control of the .ML domain will revert on Monday from Zuurbier to Mali’s government, which is closely allied with Russia. When Zuurbier’s 10-year management contract expires, Malian authorities will be able to gather the misdirected emails. The Malian government did not respond to requests for comment.
>“Much of the email flow is spam and none is marked as classified,” and apparently if you work in the US military and you email someone else in the US military, the system prevents this typo. But if you are an outside contractor, or an Army officer emailing from your personal account, all bets are off. “Around a dozen people mistakenly requested recovery passwords for an intelligence community system to be sent to Mali.”
A solution would be Google + Amazon + Microsoft + Whatever security company to be block outgoing emails going to army.ml/navy.ml and the problem is solved.
This is one of the rare good sides of having near-monopolies.
Related HN: “Typo leak” exposes millions of US military emails to Mali web operator (ft.com) | 150 points by cafemachiavelli 4 days ago | 70 comments | https://news.ycombinator.com/item?id=36756201
That one was probably related to the recently discovered bug where deleting a users with thousands of posts will lock out the database, thus causing a self-DOS. And since the deletion will propagate to other instances, other federated instances might be down too depending on how much federated contents that must be deleted in that instance.
Ah, I hadn't heard of that. It looks like one of my 2 servers is back up again, but the other continues to have issues. I think it's probably unrelated because the errors have been changing over the past day, and they usually come back immediately.
I have to admit I didn’t do any research and assumed that .me was available to anyone because I noticed it around the same time domains such as .app, .blog, etc. came out. Honestly thought it was supposed to mean something like ‘Hey it’s me’.
So I registered <surname>.me for me to use <name>@<surname>.me as email address.
My surname with generic domains such as .com, .net, etc was already registered and didn’t feel like registering my full name. This is pure laziness, didn’t want to use something like hello or contact @<fullname>.com as email.
Side note: its best not to put easter eggs in your app, especially when you think no one will see them.
Visiting the link with scripts disabled gives me a "damon is g*y" banner.
Not only can the message be construed as hate speech (could be an inside joke but I'm not "inside") but it could also be that you outed someone who didn't want to be out.
I don't know what better term to use for people using the term associated with a sexual minority as a term with a negative connotation on people not affiliated with said minority. And "dumb/wild" is just one tame usage, sometimes "gay" is used as an even more generic "this person/thing/action is bad"-word.
Dumb and wild are also slurs, it's not possible to call someone "weird" without using a slur, because all words like "weird" were originally slurs, they have just undergone reputation recycling over the years that we forgot about it.
Maybe actually a good thing in the long run — would be great for an application aiming for a federated architecture to be reasonably robust to things of this sort.
I wonder if the same can happen to .sh - it’s widely used by Schleswig-Holstein (a German state), but originally it’s a tld for the Saint Helena islands.
They didn't take back their ccTLD nor is it unavailable. The (Dutch) company Freenom managing it was sued by Facebook for not policing their free domains used in phishing attacks.
This is a very different case. I would point out maybe it's not a super great idea to pick a ccTLD in a country with a decade long war internally. I've seen Haiti's (.ht) used a decent amount (notably as a secondary for sourcehut, sr.ht) and would think this one is a particularly vulnerable one as well.
> The contract between Freenom and the Malinese government that gave Freenom technical control over the domain extension and give out the domains for free, has expired on Monday July 17. The contract was not renewed, which means that the control of the .ml domain extension is returned back to the government of Mali.
Where can I find any information about the handoff? There’s been a slew of stories about the mil->ml typo and a few claims on the fediverse about the government taking back domains. I can’t search it without just getting articles about the typo (and nothing else). So far I haven’t actually found anything that announces a change in ownership (aside from some different names on IANA).
It doesn't have to be "everyone", but imagine how much healthier the internet would be if 0.1% of the users of any social media network self-hosted and went on to provide the services for their friends/family.
To add to that, imagine if every small business that wants/needs to have a web presence (basically, everyone) could have many different hosting providers where they could have their own Mastodon server, Web Page, online support and calls via Matrix, etc. This doesn't need to cost more than $50/month, i.e, probably less than what people pay in their cellphone bill.
Just that would make - almost by definition - that no server would house more than 1000 people. It would be completely resilient.
i self-host my presence but being responsible for my friend’s social media presence too is too much responsibility for me to bear if i fuck up and it goes down for a day
- Why? It's social media, not a pacemaker alarm. Your friends will survive just fine if you have a day of downtime.
- Nothing stopping the possibility of having redundancy though relays. nostr actually has this by design. If one node goes down, the service might get degraded but never interrupted.
- "self-hosting" does not necessarily mean the act of hosting it yourself. One could, e.g, use a service provider like elest.io, yunohost or my own [0] to run the services. You'd still be responsible for the basic administration, but you'd have actual professional support for uptime, software maintenance, backup, etc.
> Why? It's social media, not a pacemaker alarm. Your friends will survive just fine if you have a day of downtime.
It feels that mainstream social media has set the expectation that any downtime is big news. That’s, of course, not the case for small social media. People can handle downtime.
If anyone is interested in contributing to small social media, this site is a good guide for the Fediverse side of things: http://runyourown.social/
I was talking about self-hosting in general. If you want to are talking about Lemmy in specific: you can host an instance and make it that only admins create communities. This way, your server will not be hosting any files.
ccTLD which this is the part is supposed to be under full control of the government of the owning country. It is supposed to be for local used. So such TLDs are equivalent of opening a shop in the country so they are free to do so.
