mastodon.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
The original server operated by the Mastodon gGmbH non-profit

Administered by:

Server stats:

360K
active users

mcc

Core Rust infrastructure is frequently hosted on the .rs ccTLD. Some of these sites could be used to drive supply chain attacks if their domains were ever compromised. .rs is operated by an NGO, but ultimately controlled by the government of Serbia.

Do there exist plausible future chains of events that could lead to some future government of Serbia suspending, or redirecting, Rust project/community sites hosted under .rs? Does the Rust community have contingency plans for this hypothetical?

@mcc i'm more worried about .io for crates.io. that alone is far more infrastructure sunk cost than the rest of rust combined i think

@iliana @mcc So much tech stuff depends on the .io TLD and it's a UK/US military base whose territory might have to be handed back to Mauritius presumably meaning the ccTLD ceases to exist.

@crzwdjk Perhaps it will, but there's also some precedence that defunct ccTLDs are kept alive for some time: astrid.tech/2022/04/05/1/dead-

I imagine if this ever does go wrong there will be a transitional period. And even if there isn't, it will probably be annoying but it will be ok.

astrid.techWhat happens to TLDs when their country stops existing?

@mcc had to take this one out of my archive

@mcc well the President of Serbia is a Putin fan and the situation with Kosovo can escalate any time

@mcc we just don't believe there is an open source supply chain.

@mcc it's not like the country that controls com/net/org and like a significant majority of gTLDs inspires that much more confidence

@elomatreb I agree with this also.

@mcc The right way to solve this is not to address stuff with domains whose ownership is transient, but with some sort of address whose semantics are "the site run by the party who owned domain D at time T" in a way that's cryptographically provable via DNSSEC signature chain that was valid at time T and whose existence was attested to by a notary at time between T and T+ε.

@dalias @mcc Is there any viable protocol / prototype for something like that?

@ratsnakegames @mcc It's a longstanding goal of mine, and I have rough outlines for how it could work.

@dalias @mcc I've always said, the real use for NFT blockchains is to replace DNS. But they went off trading ape jpegs instead and ruined it.

@kitten_tech @mcc NFT DNS was a non starter because it had protection against double-spend (and thereby domain squatting, sales, etc. which would not exist in a just identity/name system).

@dalias @mcc and maybe we chain these hashes together in a series of blocks 🤔🤔🤔

@forensicgarlic @dalias Top-growing Merkle trees!! Top-growing Merkle trees!!! :(

Having mirrors on censorship-resistant platforms (e.g. Tor) may help with this sort of issue in the long run. That's my two cents.

@mcc dw i'm serbian and they don't even know rust exists

they love it. they love you using .rs domains esp for programming stuff and they like using that number. you won't believe it. you have a choice to stop or continue, seizures or attacks won't happen

@mcc @rcombs It's one of the issues with the DNS system.

I cannot think of a single TLD that isn't co-optable by malicious glowies somewhere.

It is fundamentally broken.

@mcc gosh I agree and I do hope something is done about this and the .io stuff too. We can't give up our independence for fancy domains!

@mcc does anyone really? On some level ALL TLDs could be taken over by a bad actor and we would all have to do what the Internet has always done. Route around the bullshit.

@frank I would argue ccTLDs and gTLDs present different risk profiles. In addition, not all ccTLDs are equal due to differing local laws and differing administrative structures for the ccTLD itself (as noted the current .rs administration is reasonable in a way that the hypothetical future appearance of meaningful risk would likely come with advance warning)

@mcc @frank also gTLDs have ICANN oversight in a way ccTLDs don't

@mcc oh absolutely definitely different risk profiles, I just think if any TLD was compromised it would be a real risk for hours/days and not weeks/months as the community moved to something else. It’s definitely worth thinking through, but I don’t think it’s a major concern worth moving preemptively over.

@mcc how about moving: the isle states that will be hit by climate change first could use the income and wouldn`t it fit?

@mcc not only because its name, but because it`s more efficient than other languages and can help to prevent the climate change, like: it self needs to protect earth to not cut its own roots