this post was submitted on 28 Jun 2023
5 points (77.8% liked)

Home

474 readers
1 users here now

Lemmy.zip instance discussion.

For all things relating to Lemmy.zip.

Main instance rules apply, with the additional rules below:

founded 2 years ago
MODERATORS
 

After all, don't many platforms (or heck, browsers) render .zip URLs nonfunctional due to security concerns? Meaning our community.lemmy.zip links may not automatically hyperlink when we want them to, or it may trigger security risk popups. Whoops. Feel free to correct me.

top 8 comments
sorted by: hot top controversial new old
[–] Demigodrick 11 points 2 years ago (1 children)

So, there is a mixed bag of thought on this that I read up on before creating the domain, but tl;dr - .zip is a valid TLD and will be recognised by all browsers etc as such. There are lots of new TLDs being created and they'll be in the same boat.

.zip domains also come with higher levels of mandatory security and require an SSL certificate to display a webpage, which is another layer of security.

On the flip side, yes someone will probably try to fake a zip file with it and send the link around, but (and people are free to disagree with me here!) this is basic Internet security and you shouldn't be clicking links to places you weren't expecting.

Federation won't be affected by anything and we'd need to be manually defederated like normal.

People/companies may decide to block .zip domains but that is a knee-jerk reaction. Bad actors will exist (and have existed before) and with the way TLDs are heading before long you'll probably be able to generate anything as a TLD, after all they're just name friendly pointers to an IP address.

In summary, it's not caused us any issues yet, I dont forsee it causing us any issues, but if it did, then we'll cross that bridge when we get there!

[–] DaforLynx 3 points 2 years ago (1 children)

I hope you're right! Question, is the "higher levels of mandatory security" due to .zip being a newer domain or due to it coinciding with a widely used file extension? Or both?

[–] Demigodrick 2 points 2 years ago* (last edited 2 years ago)

Its something that is happening with a lot of newer TLDs. Theres a bit more info in the first paragraph here which relates to .app domain, but is the same thing.

Edit: even better info here

[–] JohnnyLX91 10 points 2 years ago* (last edited 2 years ago)

Idk about others, but one of the key reasons for me to choose lemmy.zip for my communities was the url. Something like "sh.itjust.works" just sounds really childish to me. I wished we could have "lemmy.com" but sadly that domain is way too expensive to get so I think "lemmy.zip" is one of the few serious and convenient names for a Lemmy instance.

[–] ticklethief 4 points 2 years ago
[–] Sami 2 points 2 years ago* (last edited 2 years ago)

You bring up a good point.

I don't think the lack of automatic hyperlink is a dealbreaker because you have a bunch of instances like lemmy.world and sh.itjust.works that are growing fine without it. But there is talk of the domain's potential for abuse but it hasn't existed for very long so we'll have to see how that plays out.

I doubt browsers will blanket ban a domain but I could see private organizations doing it for their personal security. While it does make malicious links easier to pull off, I don't think it would be an issue unless the problem becomes prevalent enough to damage the domain reputation outside of IT circles.

Here's an interesting article on the topic: https://arstechnica.com/information-technology/2023/05/critics-say-googles-new-zip-and-mov-domains-will-be-a-boon-to-scammers/

[–] Ocean 1 points 2 years ago (1 children)

Is it possible to change our instances url at this point? Like to lemmy.zippy? Or lemmy.z1p?

Or is it too late at this point without just starting everything again?

[–] Demigodrick 2 points 2 years ago

It would have to be a valid TLD to change to, like .com etc. There is a list here of all the tlds that can be used at the moment.

In terms of starting again, I'm not entirely sure. You could point a new url here easily enough, but there would have to be changes in the database to change the hardcoded url, instance name etc, then these would need to be propagated and I dont know enough about ActivityPub protocols to know if that would be valid or not.