Skip to content
  • Categories
  • Recent
  • Popular
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

NodeBB-ActivityPub Bridge Test Instance

  1. Home
  2. Categories
  3. Fediverse memes
  4. Voyager changed to lemmy.zip as well

Voyager changed to lemmy.zip as well

Scheduled Pinned Locked Moved Fediverse memes
fedimemes
26 Posts 15 Posters 0 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J joyjoy@lemmy.zip

    lemm.ee refugee here. I was considering piefed, but photon didn't support it.

    S This user is from outside of this forum
    S This user is from outside of this forum
    sc00ter@lemm.ee
    wrote last edited by
    #9

    Im currently usong boost with .ee, but i think support for that stopped too? Im going to have to change clients and instances

    1 Reply Last reply
    0
    • blaze@lemmy.dbzer0.comB blaze@lemmy.dbzer0.com

      Welcome post: https://lemmy.zip/post/40323214

      Voyager change: https://lemmy.dbzer0.com/post/45890744

      Link Preview Image
      N This user is from outside of this forum
      N This user is from outside of this forum
      naiboftabr@infosec.pub
      wrote last edited by
      #10

      I still can't take anyone running a .zip TLD seriously. It was bad idea to create it and it's a bad idea to use it.

      blaze@lemmy.dbzer0.comB J 2 Replies Last reply
      12
      • N naiboftabr@infosec.pub

        I still can't take anyone running a .zip TLD seriously. It was bad idea to create it and it's a bad idea to use it.

        blaze@lemmy.dbzer0.comB This user is from outside of this forum
        blaze@lemmy.dbzer0.comB This user is from outside of this forum
        blaze@lemmy.dbzer0.com
        wrote last edited by blaze@lemmy.dbzer0.com
        #11

        Is there any PoC of attacks on Lemmy using .zip TLD ? The instance has been up for 2 years, I never heard anything

        N 1 Reply Last reply
        2
        • N naiboftabr@infosec.pub

          I still can't take anyone running a .zip TLD seriously. It was bad idea to create it and it's a bad idea to use it.

          J This user is from outside of this forum
          J This user is from outside of this forum
          jax@sh.itjust.works
          wrote last edited by
          #12

          Can you explain why, for me? Genuinely curious, I don't understand.

          N 1 Reply Last reply
          2
          • J jax@sh.itjust.works

            Can you explain why, for me? Genuinely curious, I don't understand.

            N This user is from outside of this forum
            N This user is from outside of this forum
            naiboftabr@infosec.pub
            wrote last edited by naiboftabr@infosec.pub
            #13

            The problem is that .zip conflicts with the very commonly used zip archive format which has caused user confusion - a user might click on what appears to be a URL to www.fakewebsite.zip and instead end up downloading a malicious .zip file. This creates an unnecessary and entirely avoidable security risk.

            Google opened registration for the .zip and .mov top-level domains to the general public on May 3, 2023. Its release was immediately met with condemnation from cyber security experts as a result of its similarity with the file format of the same name. Malwarebytes warned against the use of already recognizable filenames and their confusion with top-level domains, as "plenty of users already have a clear idea that .zip means something completely different". Experts cautioned against their use, and noted that the use of .zip filetypes in cybercrime had had "an explosion" in recent years. Cisco warned against the potential for leaks for personal identifying information. Researchers also registered similar concern about Google's .mov domain.

            Surveys by security researchers immediately following public release of domain registration found numerous examples of links and domains registered under .zip being used in phishing attempts, and the ICSS recommended disabling access to .zip domains until "the dust settles and risks can be assessed".

            Link Preview Image
            .zip (top-level domain) - Wikipedia

            favicon

            (en.wikipedia.org)

            Choosing to use this TLD basically just screams ignorance, and should be causing users to question the competence of the person who made that choice.

            blaze@lemmy.dbzer0.comB 1 Reply Last reply
            12
            • blaze@lemmy.dbzer0.comB blaze@lemmy.dbzer0.com

              Is there any PoC of attacks on Lemmy using .zip TLD ? The instance has been up for 2 years, I never heard anything

              N This user is from outside of this forum
              N This user is from outside of this forum
              naiboftabr@infosec.pub
              wrote last edited by
              #14

              Targeting Lemmy specifically? probably not, but that's not really the issue. It's not that being a .zip address makes the server vulnerable, it's that the existence of the .zip TLD makes everyone vulnerable:

              Surveys by security researchers immediately following public release of domain registration found numerous examples of links and domains registered under .zip being used in phishing attempts, and the ICSS recommended disabling access to .zip domains until "the dust settles and risks can be assessed".

              Link Preview Image
              .zip (top-level domain) - Wikipedia

              favicon

              (en.wikipedia.org)

              blaze@lemmy.dbzer0.comB 1 Reply Last reply
              9
              • blaze@lemmy.dbzer0.comB blaze@lemmy.dbzer0.com

                Welcome post: https://lemmy.zip/post/40323214

                Voyager change: https://lemmy.dbzer0.com/post/45890744

                Link Preview Image
                T This user is from outside of this forum
                T This user is from outside of this forum
                tweak@feddit.uk
                wrote last edited by
                #15

                lemmy.zip doesn't allow users from the UK.

                blaze@lemmy.dbzer0.comB 1 Reply Last reply
                5
                • blaze@lemmy.dbzer0.comB blaze@lemmy.dbzer0.com

                  Welcome post: https://lemmy.zip/post/40323214

                  Voyager change: https://lemmy.dbzer0.com/post/45890744

                  Link Preview Image
                  rickyrigatoni@retrolemmy.comR This user is from outside of this forum
                  rickyrigatoni@retrolemmy.comR This user is from outside of this forum
                  rickyrigatoni@retrolemmy.com
                  wrote last edited by
                  #16

                  You guys are making me feel left out 😞

                  1 Reply Last reply
                  0
                  • N naiboftabr@infosec.pub

                    The problem is that .zip conflicts with the very commonly used zip archive format which has caused user confusion - a user might click on what appears to be a URL to www.fakewebsite.zip and instead end up downloading a malicious .zip file. This creates an unnecessary and entirely avoidable security risk.

                    Google opened registration for the .zip and .mov top-level domains to the general public on May 3, 2023. Its release was immediately met with condemnation from cyber security experts as a result of its similarity with the file format of the same name. Malwarebytes warned against the use of already recognizable filenames and their confusion with top-level domains, as "plenty of users already have a clear idea that .zip means something completely different". Experts cautioned against their use, and noted that the use of .zip filetypes in cybercrime had had "an explosion" in recent years. Cisco warned against the potential for leaks for personal identifying information. Researchers also registered similar concern about Google's .mov domain.

                    Surveys by security researchers immediately following public release of domain registration found numerous examples of links and domains registered under .zip being used in phishing attempts, and the ICSS recommended disabling access to .zip domains until "the dust settles and risks can be assessed".

                    Link Preview Image
                    .zip (top-level domain) - Wikipedia

                    favicon

                    (en.wikipedia.org)

                    Choosing to use this TLD basically just screams ignorance, and should be causing users to question the competence of the person who made that choice.

                    blaze@lemmy.dbzer0.comB This user is from outside of this forum
                    blaze@lemmy.dbzer0.comB This user is from outside of this forum
                    blaze@lemmy.dbzer0.com
                    wrote last edited by
                    #17

                    Our findings show that the abuse rate for the .zip TLD is 0.20% which is close to the average compared to all other TLDs. This rate indicates that .zip domain names are not being used to attack users more than the average TLDs - at least for now. However, if attackers find they have better success using .zip than other TLDs, the rates of abuse might change.

                    Given new TLDs, such as .zip, tend to have a higher abuse rate than legacy and ccTLDs we suggest that the security research community should continue the healthy debate about the potential risks of the .zip TLD and that internet users continue to be weary of downloading and opening files with a .zip extension or TLD from sources or individuals they may not know.

                    Link Preview Image
                    The .zip TLD: Ripe for abuse, but so far so good

                    favicon

                    DNS Research Federation (dnsrf.org)

                    Choosing to use this TLD basically just screams ignorance, and should be causing users to question the competence of the person who made that choice.

                    Not sure if that tone is the best for a healthy debate.

                    N 1 Reply Last reply
                    5
                    • N naiboftabr@infosec.pub

                      Targeting Lemmy specifically? probably not, but that's not really the issue. It's not that being a .zip address makes the server vulnerable, it's that the existence of the .zip TLD makes everyone vulnerable:

                      Surveys by security researchers immediately following public release of domain registration found numerous examples of links and domains registered under .zip being used in phishing attempts, and the ICSS recommended disabling access to .zip domains until "the dust settles and risks can be assessed".

                      Link Preview Image
                      .zip (top-level domain) - Wikipedia

                      favicon

                      (en.wikipedia.org)

                      blaze@lemmy.dbzer0.comB This user is from outside of this forum
                      blaze@lemmy.dbzer0.comB This user is from outside of this forum
                      blaze@lemmy.dbzer0.com
                      wrote last edited by
                      #18

                      Our findings show that the abuse rate for the .zip TLD is 0.20% which is close to the average compared to all other TLDs. This rate indicates that .zip domain names are not being used to attack users more than the average TLDs - at least for now. However, if attackers find they have better success using .zip than other TLDs, the rates of abuse might change.

                      Given new TLDs, such as .zip, tend to have a higher abuse rate than legacy and ccTLDs we suggest that the security research community should continue the healthy debate about the potential risks of the .zip TLD and that internet users continue to be weary of downloading and opening files with a .zip extension or TLD from sources or individuals they may not know.

                      Link Preview Image
                      The .zip TLD: Ripe for abuse, but so far so good

                      favicon

                      DNS Research Federation (dnsrf.org)

                      Choosing to use this TLD basically just screams ignorance, and should be causing users to question the competence of the person who made that choice.

                      Not sure if that tone is the best for a healthy debate.

                      1 Reply Last reply
                      0
                      • T tweak@feddit.uk

                        lemmy.zip doesn't allow users from the UK.

                        blaze@lemmy.dbzer0.comB This user is from outside of this forum
                        blaze@lemmy.dbzer0.comB This user is from outside of this forum
                        blaze@lemmy.dbzer0.com
                        wrote last edited by
                        #19

                        Those users are probably going to go to feddit.uk?

                        T 1 Reply Last reply
                        1
                        • blaze@lemmy.dbzer0.comB blaze@lemmy.dbzer0.com

                          Our findings show that the abuse rate for the .zip TLD is 0.20% which is close to the average compared to all other TLDs. This rate indicates that .zip domain names are not being used to attack users more than the average TLDs - at least for now. However, if attackers find they have better success using .zip than other TLDs, the rates of abuse might change.

                          Given new TLDs, such as .zip, tend to have a higher abuse rate than legacy and ccTLDs we suggest that the security research community should continue the healthy debate about the potential risks of the .zip TLD and that internet users continue to be weary of downloading and opening files with a .zip extension or TLD from sources or individuals they may not know.

                          Link Preview Image
                          The .zip TLD: Ripe for abuse, but so far so good

                          favicon

                          DNS Research Federation (dnsrf.org)

                          Choosing to use this TLD basically just screams ignorance, and should be causing users to question the competence of the person who made that choice.

                          Not sure if that tone is the best for a healthy debate.

                          N This user is from outside of this forum
                          N This user is from outside of this forum
                          naiboftabr@infosec.pub
                          wrote last edited by naiboftabr@infosec.pub
                          #20

                          Right, ok, so the problem with having a debate on this subject is that there's no reason for this risk to exist at all. There's no good reason to have a .zip TLD, there was no need for it, it should not have been created and no one should use it.

                          If you're weighing pros and cons, there are exactly 0 pros. Therefore no matter how minor you think the cons are, they outweigh 0 pros by 100%.

                          Also, "nothing bad has happened yet" is not a valid argument and is a terrible basis for making risk decisions.

                          J blaze@piefed.socialB 2 Replies Last reply
                          3
                          • blaze@lemmy.dbzer0.comB blaze@lemmy.dbzer0.com

                            Those users are probably going to go to feddit.uk?

                            T This user is from outside of this forum
                            T This user is from outside of this forum
                            tweak@feddit.uk
                            wrote last edited by tweak@feddit.uk
                            #21

                            Dunno, I was already here đŸ” just thought it was worth mentioning in a community on feddit.uk hah.

                            1 Reply Last reply
                            1
                            • N naiboftabr@infosec.pub

                              Right, ok, so the problem with having a debate on this subject is that there's no reason for this risk to exist at all. There's no good reason to have a .zip TLD, there was no need for it, it should not have been created and no one should use it.

                              If you're weighing pros and cons, there are exactly 0 pros. Therefore no matter how minor you think the cons are, they outweigh 0 pros by 100%.

                              Also, "nothing bad has happened yet" is not a valid argument and is a terrible basis for making risk decisions.

                              J This user is from outside of this forum
                              J This user is from outside of this forum
                              jax@sh.itjust.works
                              wrote last edited by
                              #22

                              'This bridge is literally held together with duct tape, but it hasn't killed anyone yet!'

                              I'm with you, unecessary risk. Thank you for the explanations.

                              1 Reply Last reply
                              1
                              • M muzzle@lemm.ee

                                Can you recommend an instance with a federation policy as wide as lemm.ee? Lemmy.zip, for instance, does not federate with hexbear, right?

                                T This user is from outside of this forum
                                T This user is from outside of this forum
                                thorrjo@lemmy.sdf.org
                                wrote last edited by
                                #23

                                take a peek at lemmy.sdf.org

                                1 Reply Last reply
                                0
                                • N naiboftabr@infosec.pub

                                  Right, ok, so the problem with having a debate on this subject is that there's no reason for this risk to exist at all. There's no good reason to have a .zip TLD, there was no need for it, it should not have been created and no one should use it.

                                  If you're weighing pros and cons, there are exactly 0 pros. Therefore no matter how minor you think the cons are, they outweigh 0 pros by 100%.

                                  Also, "nothing bad has happened yet" is not a valid argument and is a terrible basis for making risk decisions.

                                  blaze@piefed.socialB This user is from outside of this forum
                                  blaze@piefed.socialB This user is from outside of this forum
                                  blaze@piefed.social
                                  wrote last edited by
                                  #24

                                  I see your perspective, but is there any similar instance that is not Lemmy.zip?

                                  From another post

                                  Lemmy.world is too big  
                                  
                                  sh.itjust.works names contains "shit", which can deter users  
                                  
                                  lemmy.ca is Canadian-centric  
                                  
                                  feddit.org, is German-centric, but technically English speaking too  
                                  
                                  dbzer0 is topic focused  
                                  
                                  programming.dev is topic-centric  
                                  
                                  blahaj is queer-focused  
                                  
                                  discuss.tchncs.de has a difficult name  
                                  
                                  lemmy.sdf.org does not defederate anyone  
                                  
                                  beehaw defederates LW and SJW  
                                  
                                  infosec.pub is topic-centric  
                                  
                                  aussie.zone is country-centric  
                                  
                                  midwest.social is region-centric  
                                  

                                  Link Preview Image
                                  Quick comment to copy-paste to promote Lemmy - Divisions by zero

                                  Here is a 5-lines comment I usually use on Reddit when people ask about Lemmy or a Reddit alternative ----- " Lemmy has 47k monthly active users - https://discuss.online/ [https://discuss.online/] if you want a server located in the USA (content is still accessible from any server, the most difference latency) - https://sopuli.xyz/ [https://sopuli.xyz/] if you want a server located in the EU - https://vger.app/settings/install [https://vger.app/settings/install] if you want an app Feel free if you have any questions " — A few questions that get asked quite often about this comment. ##### Why no explain what federation is? Most of the users don’t care about federation. They want a jump-in Reddit replacement, and it’s usually better to keep the message short and simple. There are users on Sync or Voyager who only use their app, and don’t even know what instance they are on. And they are doing okay, they can still use the platform, see content, vote, comment, post. People who want to understand more will figure it out later. No need to overwhelm them. ##### Why those two instances? Long story short, there is no ideal generalist instance. If you open the top 20 instances (https://fedidb.org/software/lemmy/ [https://fedidb.org/software/lemmy/]) - Lemmy.world is too big - Lemm.ee [http://Lemm.ee] is federated with hexbear and lemmygrad, something that is not very welcoming to new users (see this thread: https://sh.itjust.works/post/28798607/15305964 [https://sh.itjust.works/post/28798607/15305964] ) - sh.itjust.works names contains “shit”, which can deter users - lemmy.ca [http://lemmy.ca] is Canadian-centric - feddit.org [http://feddit.org], is German-centric, but technically English speaking too - dbzer0 federates hexbear - programming.dev is topic-centric - blahaj is queer-focused - discuss.tchncs.de [http://discuss.tchncs.de] has a difficult name - lemmy.sdf.org [http://lemmy.sdf.org] does not defederate anyone - lemmy.zip is federated with hexbear and lemmygrad - beehaw is way outdated - infosec.pub is topic-centric - aussie.zone is country-centric - midwest.social is region-centric and admin can power trip at times (https://sopuli.xyz/post/20038037 [https://sopuli.xyz/post/20038037]) That’s how I came up with sopuli.xyz (neutral name, stable, defederated grad and hexbear) and discuss.online (same). Mentioning one per continent allows users to make one choice, so that we avoid the Lemmy.world situation where users realize that the server follows European laws (remember the announcement following Luigi: https://lemmy.world/post/22920690 [https://lemmy.world/post/22920690] ) I also have no way to know what the person I’m replying to is interested in. Of course if you are commenting on a specific subreddit, feel free to adapt the message for a fitting instance. ##### Why Voyager? Same logic, people want one app. Voyager is feature rich and is available on both Android and iOS, and follow the Apollo design that a lot of people might be familiar with. If people want to change, they will later https://www.lemmyapps.com/ [https://www.lemmyapps.com/] That’s it for now, see you in the comments for any feedback! ##### Why not use join-lemmy.org [http://join-lemmy.org]? This website can be hit or miss, with some very negative experience recently: https://lemmy.world/post/24220536 [https://lemmy.world/post/24220536] I prefer to just point out to two instances that I know are stable and reliable. ##### Why not Discord? Discord is a poor replacement for Reddit. Here are 4 reasons why: - Format: Discord’s main strength is chat-style messages, not forum-style discussion threads, like Reddit and Lemmy. Discord groups with more than a few dozen active users can quickly become disorganized. - Barrier to entry: Content on Discord is inaccessible unless you have a Discord account, while almost all content on Reddit and Lemmy is available without registration. - Discoverability: Google (and other search engines) index Reddit and Lemmy, and relevant threads show up in searches. Discord content cannot be indexed, and won’t show up in searches. - Censorship: A Discord community is ultimately still controlled by a single Big Tech company, which can delete your community on a whim if they so choose. Lemmy, being a distributed social network, is inherently resistant to censorship.

                                  favicon

                                  (lemmy.dbzer0.com)

                                  Lemmy Explorer

                                  Instance and Community Explorer for Lemmy

                                  favicon

                                  (lemmyverse.net)

                                  1 Reply Last reply
                                  1
                                  • M muzzle@lemm.ee

                                    Can you recommend an instance with a federation policy as wide as lemm.ee? Lemmy.zip, for instance, does not federate with hexbear, right?

                                    lumun@lemmy.zipL This user is from outside of this forum
                                    lumun@lemmy.zipL This user is from outside of this forum
                                    lumun@lemmy.zip
                                    wrote last edited by
                                    #25

                                    We do federate with HB at .zip. No defederations from major instances.

                                    1 Reply Last reply
                                    1
                                    • solsangraal@lemmy.zipS solsangraal@lemmy.zip

                                      been on .zip 2 years-- its been great, and @Demigodrick@lemmy.zip is incredible as admin

                                      H This user is from outside of this forum
                                      H This user is from outside of this forum
                                      honytawk@lemmy.zip
                                      wrote last edited by honytawk@lemmy.zip
                                      #26

                                      Yes, the moderation has been great.

                                      Just sometimes the performance has been lacking. Like none of the pages loading and having to wait 15 minutes before they can be accessed again.

                                      Maybe it is because I connect from the middle of Europe or something though.

                                      1 Reply Last reply
                                      0
                                      Reply
                                      • Reply as topic
                                      Log in to reply
                                      • Oldest to Newest
                                      • Newest to Oldest
                                      • Most Votes


                                      • Login

                                      • Login or register to search.
                                      Powered by NodeBB Contributors
                                      • First post
                                        Last post
                                      0
                                      • Categories
                                      • Recent
                                      • Popular