the argument for .ml domain has always been absurd to begin with. So it’s free but the price you pay is that it’s being run by Mali. I’d just drop 8$/year tbh, that’s not a hill you want to die for. Also you harm your project by being SEO punished for using spam-associated TLDs like this. One of the reasons original Lemmy took so long to adopt until Reddit’s API drama. Pretty dumb ngl.
If i remember right it was also “free to register but insanely expensive to renew once they start to see traffic”
The domain bs is a interesting case of scummy practices in general, .tv was missused in a similar way with awful contracts, essentially scamming a already increadably poor country!
TLDs are a non-tangible arrangement of characters that are defined by a committee at a whim. The countries they are given to have not contributed anything to make them worth more. I don’t see how that can be seen as a scam when they don’t get free money based on a random decision by someone outside of their country.
Didn’t Tuvalu massively benefit from being assigned a TLD that is popular? I read they were able to build an airport with .tv money
Hi, professional DNS engineer here! if anyone has any questions about the inner workings of DNS or top level domains, ask away! (THIS IS MY MOMENT)
We had a situation at a shared space here where an OpenWRT client device accidentally somehow managed to announce itself into the network in a way that its v6 local link address (fe80::) got inserted into /etc/resolv.conf as a third DNS option (with the first two being the ones from DHCP) and then served incorrect records when queried. What mechanism is that and were the engineers who designed that feature on drugs? Also, how can I tell my Linux system to not accept such announcements?
This brings a disturbing thought to mind… if an instance domain name like foo.bar lapses and someone else snaps the domain up (or of it gets stolen) can the new controller plop Lemmy on a server and be instantly federated? If so what kind of damage could they do?
This is why you don’t let your domain registration lapse. It’s not the only way computers on the internet verify each other’s identity, but a hell of a lot of internet security features are based around domain names, so keeping yours functioning is a very big deal.
Domain registration ≠ internet security. Root of trust is in cryptographic keys, not domains. DNS is not the security cornerstone you make it out to be. PKI says hi!
Yes, but it is very quick and cheap to get a domain validated cert from a CA that is generally trusted by most web browsers, so once the bad actor has the domain, the should be able to trick most users, only maybe certificate pinning might help, but that is not widely used.
Man, hacking, DDOS and now this. The fediverse just can’t catch a break…
